Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2017-6090

Published: 03/10/2017 Updated: 13/03/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 661
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Phpcollab

Vulnerability Summary

Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and previous versions allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.

Vulnerable Product Search on Vulmon Subscribe to Product

phpcollab phpcollab

Exploits

Exploit DB: PhpCollab 2.5.1 Shell Upload
PhpCollab versions 251 and below suffer from a remote shell upload vulnerability ...
Exploit DB: phpCollab 2.5.1 - File Upload (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, ...
Exploit DB: phpCollab 2.5.1 - Arbitrary File Upload
# [CVE-2017-6090] PhpCollab 251 Arbitrary File Upload (unauthenticated) ## Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet ## Arbitrary File Upload The phpCollab code does not correctly filter uploaded file contents An unauthenticated attacker may upload and execute ...

Github Repositories

https://github.com/asaotomo/FofaMap

FofaMap是一款基于Python3开发的跨平台FOFA API数据采集器,支持普通查询、网站存活检测、统计聚合查询、Host聚合查询、网站图标查询、批量查询等查询功能。同时FofaMap还能够自定义查询FOFA数据,并根据查询结果自动去重和筛选关键字,生成对应的Excel表格。另外春节特别版还可以调用Nuclei对FofaMap查询出来的目标进行漏洞扫描,让你在挖洞路上快人一步。

FofaMap_V113 国庆特别版【联动 Nuclei】| FofaMap云查询版 好消息:FofaMap又可以正常使用了,感谢🙏大家一直以来对FofaMap的支持,我们将继续对FofaMap进行更新和维护。 FofaMap是一款基于Python3开发的跨平台FOFA数据采集器。用户可以通过修改配置文件,定制化的采集FOFA数据,并导出生成

https://github.com/jlk/exploit-CVE-2017-6090

Containerized exploitable PhpCollab

Containerized exploitable CVE-2017-6090 This projects builds a container running PhpCollab 251, containing a remote code execution vulnerability as detailed in CVE-2017-6090 In addition, there is a docker-compse file to start that container and mysql to show the demo, and instructions to exploit are below Build docker build -t containername or use the image jlkinsel/ex

References

CWE-434https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/https://www.exploit-db.com/exploits/42934/https://www.exploit-db.com/exploits/43519/https://nvd.nist.govhttps://github.com/asaotomo/FofaMaphttps://packetstormsecurity.com/files/144416/PhpCollab-2.5.1-Shell-Upload.htmlhttps://www.exploit-db.com/exploits/43519/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook