Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2015-0258 - Vulnerability Database
Collabtive

Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2015-0258

High
Reference: CVE-2015-0258
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-0258
Title: Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3 (2) .php4 (3) .php5 or (4) .phtml extension.