Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7076
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498186/100/0/threaded
Scores
EPSS
0.0020
EPSS Percentile
41.3%
Details
CWE
CWE-352
Status
published
Products (1)
collabtive/collabtive
0.4.8
Published
Aug 12, 2009
Tracked Since
Feb 18, 2026