o-dyn Collabtive 0.4.7

CPE Details

o-dyn Collabtive 0.4.7
o-dyn
collabtive
0.4.7
2010-11-18
16h59 +00:00
2010-11-19
17h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:o-dyn:collabtive:0.4.7:*:*:*:*:*:*:*

Informations

Vendor

o-dyn

Product

collabtive

Version

0.4.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-0258 2020-02-17 16h46 +00:00 Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
8.8
High
CVE-2013-6872 2014-01-21 14h00 +00:00 SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
6.5
CVE-2012-2670 2012-06-16 23h00 +00:00 manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.
6.5