general/login.php in phpCollab 2.5 rc3 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.
Vulnerable Product |
---|
phpcollab phpcollab 2.5 |
phpcollab phpcollab |
phpcollab phpcollab 2.4 |
phpcollab phpcollab 2.3 |
phpcollab phpcollab 2.2 |