CVE-2017-7570

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
pivotxpivotx
2.3.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df
https://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df