Vulnerability Description
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| A51Dev | Activecollab Chat Module | 1.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/81966
- http://secunia.com/advisories/49246 (Vendor Advisory)
- http://www.activecollab.com/downloads/category/4/package/62/releases (Vendor Advisory)
- http://www.exploit-db.com/exploits/18898 (Exploit)
- http://www.securityfocus.com/bid/53624
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75741
FAQ
What is CVE-2012-6554?
CVE-2012-6554 is a vulnerability with a CVSS score of 6.5 (MEDIUM). functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, ...
How severe is CVE-2012-6554?
CVE-2012-6554 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-6554?
Check the references section above for vendor advisories and patch information. Affected products include: A51Dev Activecollab Chat Module.