Main
Vulnerability Database
Exploits
ID:6323 - Exploit for Improper input validation in phpCollab - CVE-2017-6090
ID:6323 - Exploit for Improper input validation in phpCollab - CVE-2017-6090
Published: June 17, 2021
Vulnerability identifier: #VU10344
Vulnerability risk: High
CVE-ID: CVE-2017-6090
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
phpCollab
phpCollab
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the clients/editclient.php code of phpCollab due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to upload and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the clients/editclient.php code of phpCollab due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to upload and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2.6.