CVE-2008-4304

general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:phpcollab:phpcollab:*:rc3:*:*:*:*:*:*
cpe:2.3:a:phpcollab:phpcollab:2.2:*:*:*:*:*:*:*
cpe:2.3:a:phpcollab:phpcollab:2.3:*:*:*:*:*:*:*
cpe:2.3:a:phpcollab:phpcollab:2.4:*:*:*:*:*:*:*
cpe:2.3:a:phpcollab:phpcollab:2.5:beta_4:*:*:*:*:*:*
cpe:2.3:a:phpcollab:phpcollab:2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:phpcollab:phpcollab:2.5:rc2:*:*:*:*:*:*

History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://bugs.gentoo.org/show_bug.cgi?id=235052 - () http://bugs.gentoo.org/show_bug.cgi?id=235052 -
References () http://secunia.com/advisories/33258 - Vendor Advisory () http://secunia.com/advisories/33258 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200812-20.xml - () http://security.gentoo.org/glsa/glsa-200812-20.xml -
References () http://www.securityfocus.com/bid/32964 - () http://www.securityfocus.com/bid/32964 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/47522 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/47522 -

Information

Published : 2008-12-23 18:30

Updated : 2024-11-21 00:51


NVD link : CVE-2008-4304

Mitre link : CVE-2008-4304

CVE.ORG link : CVE-2008-4304


JSON object : View

Products Affected

phpcollab

  • phpcollab
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')