Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.5
CVE Id: CVE-2012-2670
Last Modified: 20 Jun 2012 12:00:00
Published: 16 Jun 2012 11:41:41
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-2670

Summary

manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.

Vulnerable Systems

Application

  • O-dyn Collabtive 0.6.4
  • O-dyn Collabtive 0.6.5
  • O-dyn Collabtive 0.7
  • O-dyn Collabtive 0.7.5

References

MISC - http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html

XF - collabtive-manageuser-file-upload(76101)

BID - 53813

BUGTRAQ - 20120605 Arbitrary File Upload/Execution in Collabtive

MLIST - [oss-security] 20120606 Re: Arbitrary File Upload/Execution in Collabtive

MLIST - [oss-security] 20120606 Arbitrary File Upload/Execution in Collabtive

CONFIRM - http://www.collabtive.o-dyn.de/blog/?p=426

BUGTRAQ - 20120604 Arbitrary File Upload/Execution in Collabtive


Last Updated: 27 May 2016 10:56:32