CVE-2015-0258

Publication date 17 February 2020

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

8.8 · High

Score breakdown

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

Status

Package Ubuntu Release Status
collabtive 20.04 LTS focal Not in release
19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial
Fixed 2.0+dfsg-6ubuntu1.1
14.04 LTS trusty Not in release

Severity score breakdown

Parameter Value
Base score 8.8 · High
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H