Your submission was sent successfully! Close

CVE-2015-0258

Published: 17 February 2020

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
collabtive
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

focal Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (2.0+dfsg-6ubuntu1.1)