CVE-2012-6554

activeCollab Chat Module < 1.5.2 - Authenticated Remote Code Execution via Message Text Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-6554. PoCs published by Metasploit, including Metasploit module exploits/multi/http/activecollab_chat.

AI-analyzed exploit summary: This Metasploit module exploits a PHP code injection vulnerability in Active Collab's chat module (CVE-2012-6554) by abusing a preg_replace() function with the /e modifier. It authenticates, injects malicious code via a crafted message, and triggers execution by accessing the chat history.

Description

functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/18898

This Metasploit module exploits a PHP code injection vulnerability in Active Collab's chat module (CVE-2012-6554) by abusing a preg_replace() function with the /e modifier. It authenticates, injects malicious code via a crafted message, and triggers execution by accessing the chat history.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Active Collab <= 2.3.8
Auth required
Prerequisites: Valid credentials for Active Collab · Chat module enabled
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/activecollab_chat.rb

This Metasploit module exploits a PHP code injection vulnerability in Active Collab's chat module via a `preg_replace()` with the `/e` modifier. It authenticates, injects malicious payload via a crafted message, and triggers execution by accessing the chat history.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Active Collab <= 2.3.8
Auth required
Prerequisites: Valid credentials for Active Collab · Chat module enabled
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18898
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75741
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/81966
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53624
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49246

Scores

EPSS 0.1670
EPSS Percentile 96.6%

Details

CWE: CWE-20
Status: published
Products (10)
a51dev/activecollab_chat_module 1.0
a51dev/activecollab_chat_module 1.1
a51dev/activecollab_chat_module 1.1.1
a51dev/activecollab_chat_module 1.2
a51dev/activecollab_chat_module 1.3
a51dev/activecollab_chat_module 1.3.2
a51dev/activecollab_chat_module 1.4
a51dev/activecollab_chat_module 1.4.1
a51dev/activecollab_chat_module 1.5
a51dev/activecollab_chat_module 1.5.1
Published May 23, 2013
Tracked Since Feb 18, 2026