High severity8.8NVD Advisory· Published Oct 3, 2017· Updated Jun 17, 2026
CVE-2017-6090
CVE-2017-6090
Description
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:phpcollab:phpcollab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:phpcollab:phpcollab:*:*:*:*:*:*:*:*range: <=2.5.1
- (no CPE)range: <=2.5.1
Patches
Vulnerability mechanics
References
3- sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/nvdExploitThird Party Advisory
- www.exploit-db.com/exploits/42934/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/43519/nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.