Pivot Multiple Input Validation Vulnerabilities

Pivot is prone to multiple input-validation vulnerabilities, including remote file-include, local file-include, cross-site scripting, and privilege-escalation issues. All of these issues stem from the application's failure to properly sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, execute remote PHP code in the context of the webserver process, and gain unauthorized privileges.

Pivot 1.30 RC2 and prior versions are vulnerable to these issues.


 

Copyright 2010, SecurityFocus