CVE-2010-0215

EUVD-2010-0246
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
activecollabactivecollab
𝑥
≤ 2.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2
http://www.kb.cert.org/vuls/id/236703
http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2
http://www.kb.cert.org/vuls/id/236703