CVE-2015-0258
PUBLISHED
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
EPSS 12.94% · 94.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | collabtive | 2.0+dfsg-6, 2.0+dfsg-6ubuntu1, 0 |
Exploit Intelligence
- https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335 (circl)
- [debian-lts-announce] 20200228 [SECURITY] [DLA 2125-1] collabtive security update (circl)
- USN-4590-1 (circl)
- http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html (vulncheck-nvd)
- Collabtive 2.0 Shell Upload Vulnerability (0day-today)
Timeline
- Sep 28, 2015 PoC Published
- Feb 17, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- May 24, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-0258 third-party-advisory
- http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html third-party-advisory
- https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335 third-party-advisory
- https://ubuntu.com/security/notices/USN-4590-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-0258 third-party-advisory