This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Arbitrary File Upload in `clients/editclient.php`. **Consequences**: Remote Code Execution (RCE). Attackers upload executable files and access them to run malicious code on the server.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: Insecure File Upload Handling. The application fails to properly validate file extensions or content when processing client edits, allowing executable scripts to be stored and accessed.
Q3 Who is affected? (Versions/Components)
**Affected**: **PhpCollab v2.5.1 and earlier**. Specifically the file `clients/editclient.php`. It is a Web-based project collaboration tool.
**Threshold**: **Medium**. The description notes "remote authenticated users" in the Nuclei template, implying authentication might be required.…
**Public Exploits**: **Yes**. Multiple Exploit-DB entries (42934, 43519) exist. A Dockerized PoC is available on GitHub (`jlk/exploit-CVE-2017-6090`) for easy testing and demonstration.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for **PhpCollab v2.5.1**. Check if `clients/editclient.php` exists. Verify if the `logos_clients/` directory is web-accessible and allows execution of uploaded files.…
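One way to carry out the on-disk part of this self-check, as an added example that is not part of the original analysis or of PhpCollab's code: a Python audit of the `logos_clients/` directory that flags every file that is not a well-formed image. The image allowlist, the file names and the sample directory are constructed assumptions.

```python
import os
import tempfile

# Assumed allowlist: magic-byte prefixes of image types a client logo may be.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def audit_logo_dir(path):
    """Return {relative_path: [reasons]} for files that do not belong in logos_clients/."""
    findings = {}
    for root, _dirs, files in os.walk(path):
        for name in files:
            if name == ".htaccess":
                continue  # an admin-placed restriction file; review its contents by hand
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                data = fh.read(1024 * 1024)  # first 1 MiB is enough for a logo
            reasons = []
            magics = IMAGE_MAGIC.get(os.path.splitext(name)[1].lower())
            if magics is None:
                reasons.append("extension not an image type")
            elif not data.startswith(magics):
                reasons.append("content does not match extension")
            if b"<?php" in data.lower():
                reasons.append("contains PHP open tag")  # catches image/script polyglots
            if reasons:
                findings[os.path.relpath(full, path)] = reasons
    return findings


def build_sample_dir():
    """Constructed sample data standing in for a logos_clients/ directory."""
    d = tempfile.mkdtemp(prefix="logos_clients_")
    samples = {
        "1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "2.php": b"<?php echo 'constructed sample'; ?>",
        "3.gif": b"GIF89a" + b"<?php /* constructed sample */ ?>",
        "4.jpg": b"plain text, not a JPEG",
    }
    for name, body in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(body)
    return d
```

Point `audit_logo_dir()` at the real `logos_clients/` path of the installation; any finding there means a non-image file was stored and should be treated as an incident lead, not just a cleanup task.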
**Workaround**: **Disable File Uploads** in the client edit section if possible. Restrict web access to the `logos_clients/` directory via `.htaccess` or web server config to prevent execution of uploaded scripts.…
**Urgency**: **High**. This is an RCE vulnerability with public exploits. If you are running an older version of PhpCollab, patch immediately or isolate the server. Do not ignore this risk.