CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
o-dyncollabtive
𝑥
< 2.1
debiandebian_linux
8.0
canonicalubuntu_linux
16.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
collabtive
focal
dne
eoan
dne
bionic
dne
xenial
Fixed 2.0+dfsg-6ubuntu1.1
released
trusty
dne
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html
https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335
https://lists.debian.org/debian-lts-announce/2020/02/msg00031.html
https://usn.ubuntu.com/4590-1/
http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html
https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335
https://lists.debian.org/debian-lts-announce/2020/02/msg00031.html
https://usn.ubuntu.com/4590-1/