Vulnerability Details CVE-2015-5458
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released
- http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html
- http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/
- http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449
- http://www.securityfocus.com/archive/1/535860/100/0/threaded
- http://www.securityfocus.com/bid/75577
- http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released
- http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html
- http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/
- http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449
- http://www.securityfocus.com/archive/1/535860/100/0/threaded
- http://www.securityfocus.com/bid/75577
Products affected by CVE-2015-5458
-
cpe:2.3:a:pivotx:pivotx:2.1.0
-
cpe:2.3:a:pivotx:pivotx:2.1.1
-
cpe:2.3:a:pivotx:pivotx:2.1.2
-
cpe:2.3:a:pivotx:pivotx:2.2.0
-
cpe:2.3:a:pivotx:pivotx:2.2.1
-
cpe:2.3:a:pivotx:pivotx:2.2.2
-
cpe:2.3:a:pivotx:pivotx:2.2.3
-
cpe:2.3:a:pivotx:pivotx:2.2.5
-
cpe:2.3:a:pivotx:pivotx:2.3.0
-
cpe:2.3:a:pivotx:pivotx:2.3.10
-
cpe:2.3:a:pivotx:pivotx:2.3.2
-
cpe:2.3:a:pivotx:pivotx:2.3.3
-
cpe:2.3:a:pivotx:pivotx:2.3.5
-
cpe:2.3:a:pivotx:pivotx:2.3.6
-
cpe:2.3:a:pivotx:pivotx:2.3.7
-
cpe:2.3:a:pivotx:pivotx:2.3.8
-
cpe:2.3:a:pivotx:pivotx:2.3.9