CVE-2015-0258
Published: 2020-02-17
Priority P3 · 56 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.78% (88.6th percentile)
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| o-dyn | collabtive | < 2.1 | 2.1 |
| o-dyn | collabtive | — | — |
| o-dyn | collabtive | >= 0 < 2.0+dfsg-6ubuntu1.1 | 2.0+dfsg-6ubuntu1.1 |
Detection & IOCs
- Monitor file uploads to manageuser.php for avatar files with non-standard PHP-executable extensions (.php3, .php4, .php5, .phtml) that bypass the application's blacklist filter.
- Alert on authenticated POST requests to manageuser.php containing multipart file uploads where the filename ends in .php3, .php4, .php5, or .phtml.
- Inspect web server logs for GET/POST requests to avatar upload paths containing files with .php3/.php4/.php5/.phtml extensions, which may indicate post-exploitation webshell access.
- The vulnerability is an incomplete blacklist: only certain PHP-executable extensions were blocked. Collabtive versions before 2.1 are affected; upgrade to 2.1 or later to remediate.
- Exploitation requires an authenticated session; unauthenticated users cannot trigger this vulnerability.
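The log inspection described above, as an added example that is not part of the original record or of Collabtive. Access logs do not record multipart filenames, so it flags requests for files with the four listed extensions and raises the severity when the same client earlier sent a POST to manageuser.php. Assumptions: combined log format, constructed sample lines with a made-up avatar directory, and the `high`/`medium` labels.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions named in CVE-2015-0258 as missing from the upload blacklist.
RISKY_EXT = (".php3", ".php4", ".php5", ".phtml")
# Common/combined log format prefix: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(line):
    """Return (ip, time, method, decoded lowercase path, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    path = unquote(urlsplit(target).path).lower()  # drop query, decode %xx
    return ip, ts, method, path, int(status)

def find_suspicious(lines):
    """Flag requests for files carrying one of the CVE's extensions.

    Severity labels are this example's own: 'high' when the same client
    earlier POSTed to manageuser.php (the upload endpoint), else 'medium'.
    """
    uploaders = set()  # clients seen POSTing to manageuser.php
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not an access-log line
        ip, ts, method, path, status = rec
        if method == "POST" and path.endswith("/manageuser.php"):
            uploaders.add(ip)
        # Check every segment so /x.phtml/extra (PATH_INFO) is caught too.
        if any(seg.rstrip(". ").endswith(RISKY_EXT) for seg in path.split("/")):
            findings.append({"ip": ip, "time": ts, "path": path, "status": status,
                             "severity": "high" if ip in uploaders else "medium"})
    return findings

# Constructed sample lines (documentation IPs, hypothetical avatar directory).
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Feb/2020:10:01:02 +0000] "POST /manageuser.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [17/Feb/2020:10:01:09 +0000] "GET /files/avatar/pic.PHTML?v=2 HTTP/1.1" 200 57',
    '203.0.113.9 - - [17/Feb/2020:10:02:00 +0000] "GET /files/avatar/a.php5 HTTP/1.1" 404 0',
    '203.0.113.9 - - [17/Feb/2020:10:02:05 +0000] "GET /files/avatar/face.png HTTP/1.1" 200 4096',
    '203.0.113.9 - - [17/Feb/2020:10:02:09 +0000] "GET /index.php HTTP/1.1" 200 900',
]
```

A 200 response on a `high` finding means the file exists and was served, so that host's upload directory is the first place to look.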
CVSS provenance
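| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |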
GHSA
GHSA-2hf9-vh2r-j6vp: Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser
ghsa_unreviewed · 2022-05-24
CVE-2015-0258 [MEDIUM] CWE-434 GHSA-2hf9-vh2r-j6vp: Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser
OSV
collabtive vulnerability
osv · 2020-10-19 · CVSS 8.8
CVE-2015-0258 [HIGH] collabtive vulnerability
It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)
OSV
CVE-2015-0258: Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser
osv · 2020-02-17 · CVSS 8.8
CVE-2015-0258 [HIGH] CVE-2015-0258: Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser
Ubuntu
Collabtive vulnerability
vendor_ubuntu · 2020-10-19 · CVSS 8.8
CVE-2015-0258 [HIGH] Collabtive vulnerability
Title: Collabtive vulnerability
Summary: Collabtive could be made to run programs if it received
specially crafted network traffic from an authenticated user.
It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)
Instructions: In general, a standard system update will make all the necessary changes.
References
- http://packetstormsecurity.com/files/133736/Collabtive-2.0-Shell-Upload.html
- https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335
- https://lists.debian.org/debian-lts-announce/2020/02/msg00031.html
- https://usn.ubuntu.com/4590-1/