Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ActiveCollab 2.3.0 Directory Traversal / Local File Inclusion

🗓️ 25 Jun 2010 00:00:00Reported by Jose Carlos de ArribaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 14 Views

ActiveCollab 2.3.0 Directory Traversal / Local File Inclusion vulnerabilit

Code
`============================================================  
PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001  
- Original release date: June 24th, 2010  
- Discovered by: Jose Carlos de Arriba (dade (at) painsec (dot) com)  
- Severity: 10/10 (Base CVSS Score)  
============================================================  
  
I. VULNERABILITY  
-------------------------  
ActiveCollab 2.3.0 Local File Inclusion / Directory Traversal (prior  
version hasn't been checked so are probably vulnerable).  
  
II. BACKGROUND  
-------------------------  
ActiveCollab is a non-free project management & collaboration tool  
that you can  
set up on your own server or local network. Work with your team,  
clients and contractors in an easy to use environment, while keeping  
full control over your data.  
  
III. DESCRIPTION  
-------------------------  
ActiveCollab presents a Local File Inclusion / Directory Traversal  
vulnerability on its "module" parameter, due to an insufficient  
sanitization on user supplied data.  
  
A malicious user could get all the files in the web server, and also  
get all a shell in the system, in case of being able to write PHP code  
in any file that could be loaded through the "module" parameter  
(i.e Apache logs).  
  
IV. PROOF OF CONCEPT  
-------------------------  
http://www.victim.com/active/index.php?action=DetailView&module=/../....  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker could get all files in the server or gain complete access.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
ActiveCollab 2.3.0 (prior version hasn't been checked so are probably  
vulnerable).  
  
VII. SOLUTION  
-------------------------  
Corrected  
  
VIII. REFERENCES  
-------------------------  
http://www.activecollab.com  
http://www.painsec.com  
http://www.dadesecurity.com  
  
IX. CREDITS  
-------------------------  
This vulnerability has been discovered  
by Jose Carlos de Arriba (dade (at) painsec (dot) com).  
  
X. REVISION HISTORY  
-------------------------  
June 24, 2010: Initial release.  
  
XI. DISCLOSURE TIMELINE  
-------------------------  
June 9, 2010: Discovered by Jose Carlos de Arriba (Dade).  
June 19, 2010: Vendor contacted including PoC. No response.  
June 20, 2010: Response from ActiveCollab developer confirming  
future fix.  
June 24, 2010: Vulnerability fixed on 2.3.1 version release.  
  
XII. LEGAL NOTICES  
-------------------------  
The information contained within this advisory is supplied "as-is"  
with no warranties or guarantees of fitness of use or otherwise.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Jun 2010 00:00Current
7.4High risk
Vulners AI Score7.4
activecollabdirectory traversallocal file inclusionsecurity advisoryjose carlos de arribapainsec security research groupactivecollab 2.3.0vulnerabilityserver access
14