PT-2009-4243 · Activecollab · Activecollab
R0T · Published 2009-05-22 · Updated 2021-07-12
CVE-2009-1773
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
activeCollab version 2.1 Corporate
Description:
The issue allows remote attackers to obtain sensitive information. Providing an invalid re_route parameter to the "login script" causes it to reveal the installation path in an error message.
Recommendations:
For activeCollab version 2.1 Corporate, consider restricting access to the login script until a fix is available, or avoid using the re_route parameter in the login script to minimize the risk of exploitation.
Fix
RCE
Affected Products
Activecollab