QwikSec

Security Database

CVE

CWE

Training

CVE-2015-0258

Published: Feb 17, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

Vendor	Product	Versions
n/a	Collabtive	affected `before 2.1`

References

http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html

x_refsource_MISC

https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335

x_refsource_MISC

[debian-lts-announce] 20200228 [SECURITY] [DLA 2125-1] collabtive security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.