CVE-2010-4269

Collabtive 0.65 - SQL Injection via managechat.php chatstart[USERTOID] Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4269. PoCs published by Anatolia Security.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Collabtive 0.65 via the 'managechat.php' endpoint. The payload manipulates the 'chatstart[USERTOID]' cookie to extract user credentials from the database using a UNION-based attack.

Description

SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.

Exploits (1)

exploitdb WORKING POC

by Anatolia Security · textwebappsphp

https://www.exploit-db.com/exploits/15381

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Collabtive 0.65 via the 'managechat.php' endpoint. The payload manipulates the 'chatstart[USERTOID]' cookie to extract user credentials from the database using a UNION-based attack.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Collabtive 0.65

No auth needed

Prerequisites: Access to the target application · Ability to set cookies

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/1011-exploits/collabtive065-sql.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/62930

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15381

Scores

EPSS 0.0112

EPSS Percentile 62.2%

Details

CWE

CWE-89

Status published

Products (1)

o-dyn/collabtive 0.6.5

Published Nov 17, 2010

Tracked Since Feb 18, 2026