VYPR
Unrated severityNVD Advisory· Published Jul 12, 2006· Updated Jun 16, 2026

CVE-2006-3531

CVE-2006-3531

Description

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pivot/Pivot2 versions
    cpe:2.3:a:pivot:pivot:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:pivot:pivot:*:*:*:*:*:*:*:*range: <=1.30_rc2
    • (no CPE)range: <=1.30 RC2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.