Vulnerability Description
manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| O-Dyn | Collabtive | <= 0.7.5 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html
- http://www.collabtive.o-dyn.de/blog/?p=426
- http://www.openwall.com/lists/oss-security/2012/06/06/6
- http://www.openwall.com/lists/oss-security/2012/06/06/9
- http://www.securityfocus.com/archive/1/522973/30/0/threaded
- http://www.securityfocus.com/bid/53813
- http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76101
- http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html
- http://www.collabtive.o-dyn.de/blog/?p=426
- http://www.openwall.com/lists/oss-security/2012/06/06/6
- http://www.openwall.com/lists/oss-security/2012/06/06/9
- http://www.securityfocus.com/archive/1/522973/30/0/threaded
- http://www.securityfocus.com/bid/53813
- http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
FAQ
What is CVE-2012-2670?
CVE-2012-2670 is a vulnerability with a CVSS score of 6.5 (MEDIUM). manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by up...
How severe is CVE-2012-2670?
CVE-2012-2670 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2670?
Check the references section above for vendor advisories and patch information. Affected products include: O-Dyn Collabtive.