CVE-2015-0258
published 2020-02-17

Priority P3 (56) · Severity high · CVSS 3.1 base score 8.8
CVSS 3.1 vector: AV:N AC:L PR:L UI:N S:U C:H I:H A:H
EPSS: 3.78% (88.6th percentile)
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

Affected

5 ranges

Vendor      Product        Version range                    Fixed in
canonical   ubuntu_linux
debian      debian_linux
o-dyn       collabtive     < 2.1                            2.1
o-dyn       collabtive
o-dyn       collabtive     >= 0 < 2.0+dfsg-6ubuntu1.1       2.0+dfsg-6ubuntu1.1

Detection & IOCs (extracted from sources)

path      manageuser.php
filename  .php3
filename  .php4
filename  .php5
filename  .phtml
  • Monitor file uploads through manageuser.php for avatar files carrying PHP-executable extensions the blacklist does not cover (.php3, .php4, .php5, .phtml).
  • Alert on authenticated POST requests to manageuser.php whose multipart body carries a file whose name ends in .php3, .php4, .php5 or .phtml. This needs request-body inspection (a WAF or reverse proxy rule); a plain access log does not record the uploaded filename.
  • Inspect web server logs for GET or POST requests to the avatar storage path for files with those extensions. A successful (200) request for such a file, especially one with query parameters, is a strong indicator that the upload is being used as a webshell.
  • The root cause is an incomplete blacklist: only some PHP-executable extensions were rejected, and the web server still hands the others to the PHP interpreter. Collabtive versions before 2.1 are affected; upgrade to 2.1 or later.
  • Exploitation requires an authenticated session (CVSS PR:L); unauthenticated users cannot reach the avatar upload.
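The log-based bullets above are easy to turn into a small correlation rule. The Python below is an added example for this page, not a rule shipped by any vendor: it parses Apache/nginx "combined" log lines, flags any request under the avatar directory for a file with one of the four bypass extensions, and raises the severity when the same source IP POSTed to manageuser.php shortly before. The avatar directory (`/files/avatars/`) and the sample log lines are constructed for illustration; substitute the real path from the deployment.

```python
import re
from datetime import datetime, timedelta

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Extensions the advisory says the blacklist failed to block.
BYPASS_EXTS = (".php3", ".php4", ".php5", ".phtml")

UPLOAD_ENDPOINT = "/manageuser.php"
AVATAR_DIR = "/files/avatars/"   # assumed location, not taken from the page

# Constructed sample: one upload-then-execute sequence and one stray probe.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2015:10:01:02 +0000] "GET /manageuser.php?action=profile HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2015:10:01:20 +0000] "POST /manageuser.php HTTP/1.1" 302 0 "http://collab.example/manageuser.php" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2015:10:01:35 +0000] "GET /files/avatars/5.php5?cmd=id HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2015:11:40:00 +0000] "GET /files/avatars/12.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2015:11:41:00 +0000] "GET /files/avatars/old.phtml HTTP/1.1" 404 210 "-" "curl/7.40"',
]


def parse_line(line: str):
    """Return a dict with ip, ts (datetime), method, path (query stripped), status,
    or None for lines that do not match the combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def detect(lines, window: timedelta = timedelta(minutes=10)):
    """Emit one alert per request for a bypass-extension file under AVATAR_DIR.
    Severity is 'high' when the same IP POSTed to the upload endpoint within
    `window` before the request, otherwise 'medium'."""
    alerts = []
    uploads = {}  # source ip -> timestamps of POSTs to manageuser.php
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path = rec["ip"], rec["ts"], rec["path"]
        if rec["method"] == "POST" and path == UPLOAD_ENDPOINT:
            uploads.setdefault(ip, []).append(ts)
            continue
        if path.startswith(AVATAR_DIR) and path.lower().endswith(BYPASS_EXTS):
            recent_upload = any(timedelta(0) <= ts - t <= window for t in uploads.get(ip, []))
            alerts.append({
                "ip": ip,
                "path": path,
                "status": rec["status"],
                "severity": "high" if recent_upload else "medium",
                "reason": ("upload to manageuser.php followed by request for PHP-executable avatar"
                           if recent_upload else "request for PHP-executable file in avatar directory"),
            })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a['severity']}] {a['ip']} {a['path']} ({a['status']}): {a['reason']}")
```

A 404 on a bypass-extension file still deserves a medium alert: it usually means someone is probing for a shell they expect to exist, or a shell that has since been cleaned up. The rule keys on the stored path rather than the upload request because, as noted above, the uploaded filename lives in the multipart body and never reaches the access log.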

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      6.5     MEDIUM     AV:N/AC:L/Au:S/C:P/I:P/A:P
osv                       8.8     HIGH
vendor_ubuntu             8.8     HIGH