CVE-2008-6948

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8

Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/. This is related to the showproject action in managefile.php or the Messages feature.

Recommendations: For Collabtive version 0.4.8, consider restricting file uploads to only allow non-executable file types and validate the MIME type of uploaded files to prevent exploitation. As a temporary workaround, restrict access to the files/ directory to minimize the risk of code execution.