103 matches found
CVE-2017-15907
CVE-2017-15907: SQL injection in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. Affected: phpCollab (2.5.1 and earlier). Root cause: unsafely embedded user input in SQL query construction. Impact: potential data...
CVE-2017-15907
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php...
phpCollab SQL Injection Vulnerability
phpCollab is an open source Internet enablement system for projects that require collaboration over the Internet. A SQL injection vulnerability exists in phpCollab 2.5.1 and earlier versions. The vulnerability can be exploited by remote attackers to execute arbitrary SQL commands via the id...
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/...
CVE-2017-6089
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php...
Unrestricted file upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/...
SQL injection
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php...
CVE-2017-6090
CVE-2017-6090 affects PhpCollab 2.5.1 and earlier. Unrestricted file upload in clients/editclient.php allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and accessing it under logos_clients/. The vulnerability has public PoCs and exploit c...
CVE-2017-6089
PhpCollab 2.5.1 and earlier versions are affected by a SQL injection vulnerability. The issue allows remote attackers to execute arbitrary SQL commands through parameters in topics/deletetopics.php (project or id), bookmarks/deletebookmarks.php (id), and calendar/deletecalendar.php, leading to po...
phpCollab 2.5.1 - Arbitrary File Upload
CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filter uploaded file contents. An...
phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - SQL Injection CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not correctly filter arguments,...
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - Arbitrary File Upload CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filt...
phpCollab 2.5.1 - SQL Injection
CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not correctly filter arguments, allowing arbitrary SQL code...
PhpCollab 2.5.1 Shell Upload Exploit
Exploit for php platform in category web applications CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not...
PhpCollab 2.5.1 SQL Injection Vulnerability
Exploit for php platform in category web applications CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not...
PhpCollab 2.5.1 SQL Injection
CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not correctly filter arguments, allowing arbitrary SQL code...