VYPR

Phpcollab

by PHP Collab

CVEs (8)

  • CVE-2017-6090 | High | Oct 3, 2017
    risk 0.68 | cvss 8.8 | epss 0.96

    Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.

  • CVE-2017-6089 | Critical | Oct 3, 2017
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to…

  • CVE-2017-15907 | Critical | Oct 26, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.

  • CVE-2006-1495 | Mar 30, 2006
    risk 0.03 | cvss | epss 0.06

    SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option.

  • CVE-2011-3772 | Sep 24, 2011
    risk 0.00 | cvss | epss 0.01

    phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files.

  • CVE-2008-4305 | Dec 23, 2008
    risk 0.00 | cvss | epss 0.03

    Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI.

  • CVE-2008-4304 | Dec 23, 2008
    risk 0.00 | cvss | epss 0.03

    general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded…

  • CVE-2008-4303 | Dec 23, 2008
    risk 0.00 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors.