USN-4590-1: Collabtive vulnerability
19 October 2020
Collabtive could be made to run programs if it received specially crafted network traffic from an authenticated user.
- collabtive - Web-based project management software
It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)