PT-2020-7793 · Unknown+1 · Collabtive+1

Published: 2020-02-17 · Updated: 2022-01-01

CVE-2015-0258

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Collabtive versions prior to 2.1
Description: The avatar upload functionality contains multiple incomplete blacklist vulnerabilities. They allow remote authenticated users to execute arbitrary code by uploading files with specific extensions, such as .php3, .php4, .php5, or .phtml.
Recommendations: Update to version 2.1 or later to resolve the issue. As a temporary workaround for versions prior to 2.1, consider restricting the file types that can be uploaded through the avatar upload functionality to prevent exploitation.
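
As an added illustration (not Collabtive's code and not part of the original advisory), the PHP sketch below contrasts an incomplete extension denylist with the kind of file-type restriction the workaround describes. The function names, the denylist contents and the sample GIF bytes are constructed for the example.

```php
<?php
// Added example: hypothetical helpers, not taken from Collabtive.

// Incomplete denylist: blocks the obvious extension but misses its aliases,
// so names ending in .php3, .php4, .php5 or .phtml are still accepted.
function denylist_allows(string $filename): bool
{
    $blocked = ['php', 'pl', 'cgi', 'exe']; // constructed list
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Allowlist: accept only known image extensions, require the content to
// parse as that image type, and let the server choose the stored name.
function allowlist_stored_name(string $filename, string $bytes): ?string
{
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null; // anything not explicitly allowed is rejected
    }
    $info = @getimagesizefromstring($bytes);
    if ($info === false || $info['mime'] !== $allowed[$ext]) {
        return null; // extension and actual content disagree
    }
    // Random server-side name: the client-supplied name never reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: a minimal 1x1 GIF header, reused for every name.
$gif = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$names = ['avatar.gif', 'avatar.php', 'avatar.php5', 'avatar.phtml', 'avatar.PHP3'];
foreach ($names as $name) {
    printf(
        "%-13s denylist=%s allowlist=%s\n",
        $name,
        denylist_allows($name) ? 'accept' : 'reject',
        allowlist_stored_name($name, $gif) === null ? 'reject' : 'accept'
    );
}
```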

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2015-0258
DLA-2125-1
USN-4590-1

Affected Products

Collabtive
Ubuntu