Code injection

2008-12-2318:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

JSON

Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI.

CPENameOperatorVersion
php-collabeq2.4
php-collabeq2.3
php-collabeq2.2
php-collable2.5

Name	Operator	Version
php-collab	eq	2.4
php-collab	eq	2.3
php-collab	eq	2.2
php-collab	le	2.5

References

bugs.gentoo.org/show_bug.cgi?id=235052

secunia.com/advisories/19449

secunia.com/advisories/33258

security.gentoo.org/glsa/glsa-200812-20.xml

www.securityfocus.com/bid/32964

exchange.xforce.ibmcloud.com/vulnerabilities/47521