O-dyn : Security Vulnerabilities, CVEs, CVSS score >= 7
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
Max CVSS: 8.8
EPSS Score: 1.96%
Published: 2020-02-17
Updated: 2022-01-01
Collabtive 1.0 has incorrect access control
Max CVSS: 9.8
EPSS Score: 0.65%
Published: 2019-12-27
Updated: 2019-12-30
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
Max CVSS: 7.5
EPSS Score: 0.06%
Published: 2010-11-17
Updated: 2017-08-17
3 vulnerabilities found