5 matches found
CVE-2017-6090
CVE-2017-6090 affects PhpCollab 2.5.1 and earlier. Unrestricted file upload in clients/editclient.php allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and accessing it under logos_clients/. The vulnerability has public PoCs and exploit c...
CVE-2017-6089
PhpCollab 2.5.1 and earlier versions are affected by a SQL injection vulnerability. The issue allows remote attackers to execute arbitrary SQL commands through parameters in topics/deletetopics.php (project or id), bookmarks/deletebookmarks.php (id), and calendar/deletecalendar.php, leading to po...
CVE-2006-1495
CVE-2006-1495 describes an SQL injection in general/sendpassword.php (forgotten password flow) affecting PHPCollab 2.4 and 2.5.rc3, and NetOffice 2.5.3-pl1 and 2.6.0b2. The issue stems from unsanitized loginForm input used in an SQL statement, enabling remote attackers to execute arbitrary SQL co...
CVE-2017-15907
CVE-2017-15907: SQL injection in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. Affected: phpCollab (2.5.1 and earlier). Root cause: unsafely embedded user input in SQL query construction. Impact: potential data...
CVE-2008-4304
CVE-2008-4304 affects phpCollab 2.5 rc3 and older, where general/login.php can allow remote code execution via shell metacharacters in input related to SSL_CLIENT_CERT. The root cause is improper sanitization of SSL_CLIENT_CERT before it is used in a shell command, enabling an attacker to run arbitrary c...