CVE-2012-2670
Published: Jun 17, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 53813 | vdb-entry, x_refsource_BID |
| http://www.collabtive.o-dyn.de/blog/?p=426 | x_refsource_CONFIRM |
| 20120604 Arbitrary File Upload/Execution in Collabtive | mailing-list, x_refsource_BUGTRAQ |
| collabtive-manageuser-file-upload(76101) | vdb-entry, x_refsource_XF |
| 20120605 Arbitrary File Upload/Execution in Collabtive | mailing-list, x_refsource_BUGTRAQ |
| [oss-security] 20120606 Arbitrary File Upload/Execution in Collabtive | mailing-list, x_refsource_MLIST |
| [oss-security] 20120606 Re: Arbitrary File Upload/Execution in Collabtive | mailing-list, x_refsource_MLIST |