PT-2012-1495 · Collabtive · Collabtive

Published

2012-11-26

Updated

2012-11-29

CVE-2010-5285

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Collabtive version 0.6.5

Description A cross-site request forgery issue exists, allowing remote attackers to hijack administrator authentication for requests that add administrative users via the "edituser" action in admin.php.

Recommendations For Collabtive version 0.6.5, consider disabling the edituser action in admin.php until a patch is available to prevent exploitation. Restrict access to the admin.php file to minimize the risk of unauthorized administrative user additions.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2010-5285

Affected Products

Collabtive

PT-2012-1495 · Collabtive · Collabtive

CVE-2010-5285

Weakness Enumeration

Related Identifiers

Affected Products

References · 8