Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-2133

EPSS 8.07% · P92
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-2133

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pivot 多个跨站脚本攻击漏洞和HTML注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Pivot中存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)菜单或(2)对pivot/index.php的sort参数,(3)对pivot/index.php的一个删除操作中的检测排列参数值,(4)对pivot/index.php的一个删除操作的一个检测排列参数的元件名,(5)对pivot/index.php的一个edituser操作中的edituser参数,(6)对pivot/index.php的一个模块操作中的编辑参数,(7)对pivot/index.php的一个blog_edit1操作中的blog
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-2133

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-2133

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-06-19 · 25 CVEs total

CVE-2009-2129Elvinbts Elvin login.php跨站请求伪造漏洞
CVE-2009-1692Apple iPhone 资源管理错误漏洞
CVE-2009-1683Apple iPhone 安全漏洞
CVE-2009-1680Apple iPhone 信息泄露漏洞
CVE-2009-1679Apple iPhone 权限许可和访问控制问题漏洞
CVE-2009-0961Apple iPhone 安全漏洞
CVE-2009-0960Apple iPhone 安全漏洞
CVE-2009-0959Apple iPhone 输入验证错误漏洞
CVE-2009-0958Apple iPhone 信息泄露漏洞
CVE-2009-21324Homepages 4images global.php目录遍历漏洞
CVE-2009-21314Homepages 4images member.php跨站脚本攻击漏洞
CVE-2009-2130Elvinbts Elvin多个PHP源代码泄露漏洞
CVE-2009-2134Pivot "pivot/tb.php" 信息泄露漏洞
CVE-2009-2128Elvinbts Elvin close_bug.php SQL注入漏洞
CVE-2009-2127Elvinbts Elvin show_activity.php跨站脚本攻击漏洞
CVE-2009-2126Elvinbts Elvin close_bug.php跨站脚本攻击漏洞
CVE-2009-2125Elvinbts Elvin delete_bug.php权限管理和访问控制漏洞
CVE-2009-2124Elvinbts Elvin page.php目录遍历漏洞
CVE-2009-2123Elvinbts Elvin多个SQL注入漏洞
CVE-2009-2122Paolo Palmonari Photoracer id参数SQL注入漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-2133

No comments yet

Leave a comment