PT-2009-2416 · Collabtive · Collabtive

Antonio Parata +5 · Published 2009-08-12 · Updated 2018-10-11 · CVE-2008-6947

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8
Description: The issue allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to "admin.php".
Recommendations: For Collabtive version 0.4.8, consider restricting access to the "admin.php" endpoint until a patch is available. As a temporary workaround, limit the ability to create new users, especially administrators, to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2008-6947

Affected Products

Collabtive