vendor:
phpCollab
by:
Nicolas SERRA and Nick Marcoccio
8.8
CVSS
HIGH
Arbitrary File Upload
434
CWE
Product Name: phpCollab
Affected Version From: 2.5.1
Affected Version To: 2.5.1
Patch Exists: NO
Related CWE: CVE-2017-6090
CPE: a:phpcollab:phpcollab
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Ubuntu 16.04.3 64-bit
2017
phpCollab 2.5.1 Unauthenticated File Upload
This module exploits a file upload vulnerability in phpCollab 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user.
Mitigation:
No known mitigation or remediation for this vulnerability
