activeCollab Chat Module Arbitrary PHP Code Execution Vulnerability
BID:53624
Info
activeCollab Chat Module Arbitrary PHP Code Execution Vulnerability
| Bugtraq ID: | 53624 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-6554 |
| Remote: | Yes |
| Local: | No |
| Published: | May 21 2012 12:00AM |
| Updated: | May 24 2013 05:14AM |
| Credit: | Stratsec |
| Vulnerable: |
A51 activeCollab Chat Module 1.5.1 |
| Not Vulnerable: |
A51 activeCollab Chat Module 1.5.2 |
Discussion
activeCollab Chat Module Arbitrary PHP Code Execution Vulnerability
activeCollab Chat Module is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Versions prior to activeCollab Chat Module 1.5.2 are vulnerable.
activeCollab Chat Module is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Versions prior to activeCollab Chat Module 1.5.2 are vulnerable.
Exploit / POC
activeCollab Chat Module Arbitrary PHP Code Execution Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
activeCollab Chat Module Arbitrary PHP Code Execution Vulnerability
Solution:
Updates are available. Please see the see reference for more details.
Solution:
Updates are available. Please see the see reference for more details.
References
activeCollab Chat Module Arbitrary PHP Code Execution Vulnerability
References:
References:
- activeCollab Homepage (Uswebstyle)
- Chat Version History (activeCollab)