CVE-2012-2670

Collabtive < 0.7.6 - Authenticated Arbitrary File Upload and Remote Code Execution via Avatar File

Title source: llm
STIX 2.1

Description

manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53813
Various Sources x_refsource_confirm
http://www.collabtive.o-dyn.de/blog/?p=426
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76101
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522973/30/0/threaded
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/06/6
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/06/9

Scores

EPSS 0.0151
EPSS Percentile 71.4%

Details

CWE
CWE-20
Status published
Products (4)
o-dyn/collabtive 0.6.4
o-dyn/collabtive 0.6.5
o-dyn/collabtive 0.7
o-dyn/collabtive < 0.7.5
Published Jun 17, 2012
Tracked Since Feb 18, 2026