Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpcollab phpcollab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4304
general/login.php in phpCollab 2.5 rc3 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a bas...
Phpcollab Phpcollab 2.5
Phpcollab Phpcollab
Phpcollab Phpcollab 2.4
Phpcollab Phpcollab 2.3
Phpcollab Phpcollab 2.2
NA
CVE-2006-1495
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote malicious users to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option.
Phpcollab Phpcollab 2.5.rc3
Netoffice Netoffice 2.5.3 Pl1
Phpcollab Phpcollab 2.4
1 EDB exploit
9.8
CVSSv3
CVE-2017-6089
SQL injection vulnerability in PhpCollab 2.5.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to ...
Phpcollab Phpcollab
1 EDB exploit
8.8
CVSSv3
CVE-2017-6090
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and previous versions allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clie...
Phpcollab Phpcollab
2 EDB exploits
2 Github repositories
9.8
CVSSv3
CVE-2017-15907
SQL injection vulnerability in phpCollab 2.5.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
Phpcollab Phpcollab
NA
CVE-2011-3772
phpCollab 2.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files.
Php-collab Phpcollab 2.5
NA
CVE-2008-4305
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and previous versions allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI.
Php-collab Php-collab
Php-collab Php-collab 2.4
Php-collab Php-collab 2.2
Php-collab Php-collab 2.3
NA
CVE-2008-4303
Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and previous versions allow remote malicious users to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors.
Php-collab Php-collab 2.2
Php-collab Php-collab 2.3
Php-collab Php-collab
Php-collab Php-collab 2.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started