CVE-2008-6949

Collabtive - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6949. PoCs published by USH.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Collabtive 0.4.8, including stored XSS, authentication bypass, and arbitrary file upload. It provides root cause analysis, exploitation steps, and technical details without functional exploit code.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication.

Exploits (1)

exploitdb WRITEUP VERIFIED

by USH · textwebappsphp

https://www.exploit-db.com/exploits/7076

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Collabtive 0.4.8, including stored XSS, authentication bypass, and arbitrary file upload. It provides root cause analysis, exploitation steps, and technical details without functional exploit code.

Classification

Writeup 100%

Attack Type

Xss | Auth Bypass | Other

Complexity

Moderate

Reliability

Reliable

Target: Collabtive 0.4.8

Auth required

Prerequisites: Administrator access for XSS · No authentication for auth bypass · Project assignment for file upload

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1133 - External Remote Services T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7076

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/498186/100/0/threaded

Scores

EPSS 0.0179

EPSS Percentile 75.5%

Details

CWE

CWE-352

Status published

Products (1)

collabtive/collabtive 0.4.8

Published Aug 12, 2009

Tracked Since Feb 18, 2026