CVE-2012-2670

NONECVSS 0.0

0.0

manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.

🔗 References (16)

secalert@redhathttp://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html
secalert@redhathttp://www.collabtive.o-dyn.de/blog/?p=426
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/06/06/6
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/06/06/9
secalert@redhathttp://www.securityfocus.com/archive/1/522973/30/0/threaded
secalert@redhathttp://www.securityfocus.com/bid/53813
secalert@redhathttp://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/76101
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html
af854a3a-2127-422b-91ae-364da2661108http://www.collabtive.o-dyn.de/blog/?p=426
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/06/6
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/06/9
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/522973/30/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53813
af854a3a-2127-422b-91ae-364da2661108http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html

Is Your Infrastructure Affected by CVE-2012-2670?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-2670

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-2670?