3 matches found
CVE-2017-6090
CVE-2017-6090 affects PhpCollab 2.5.1 and earlier. Unrestricted file upload in clients/editclient.php allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and accessing it under logos_clients/. The vulnerability has public PoCs and exploit c...
CVE-2017-6089
PhpCollab 2.5.1 and earlier versions are affected by a SQL injection vulnerability. The issue allows remote attackers to execute arbitrary SQL commands through parameters in topics/deletetopics.php (project or id), bookmarks/deletebookmarks.php (id), and calendar/deletecalendar.php, leading to po...
CVE-2017-15907
CVE-2017-15907: SQL injection in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. Affected: phpCollab (2.5.1 and earlier). Root cause: unsafely embedded user input in SQL query construction. Impact: potential data...