Back to search
CVE-2008-4304
Published: Dec 23, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.gentoo.org/show_bug.cgi?id=235052
x_refsource_CONFIRM
32964
vdb-entry
x_refsource_BID
phpcollab-login-command-execution(47522)
vdb-entry
x_refsource_XF
GLSA-200812-20
vendor-advisory
x_refsource_GENTOO
33258
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now