CVE-2008-6948

Collabtive 0.4.8 - Authenticated Remote Code Execution via Unrestricted File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6948. PoCs published by USH.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Collabtive 0.4.8, including stored XSS, authentication bypass, and arbitrary file upload. It provides root cause analysis, exploitation steps, and technical details without functional exploit code.

Description

Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature.

Exploits (1)

exploitdb WRITEUP VERIFIED

by USH · textwebappsphp

https://www.exploit-db.com/exploits/7076

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Collabtive 0.4.8, including stored XSS, authentication bypass, and arbitrary file upload. It provides root cause analysis, exploitation steps, and technical details without functional exploit code.

Classification

Writeup 100%

Attack Type

Xss | Auth Bypass | Other

Complexity

Moderate

Reliability

Reliable

Target: Collabtive 0.4.8

Auth required

Prerequisites: Administrator access for XSS · No authentication for auth bypass · Project assignment for file upload

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1133 - External Remote Services T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7076

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/498186/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32229

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46498

Scores

EPSS 0.0787

EPSS Percentile 93.9%

Details

CWE

CWE-20

Status published

Products (1)

collabtive/collabtive 0.4.8

Published Aug 12, 2009

Tracked Since Feb 18, 2026