Unrated severityNVD Advisory· Published Feb 17, 2020· Updated Aug 6, 2024
CVE-2015-0258
CVE-2015-0258
Description
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Collabtive/Collabtivedescription
- Range: <2.1
Patches
Vulnerability mechanics
References
4- usn.ubuntu.com/4590-1/mitrevendor-advisoryx_refsource_UBUNTU
- packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.htmlmitrex_refsource_MISC
- github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/02/msg00031.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.