Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-6090

EPSS 86.91% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-6090

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PhpCollab 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
phpCollab是一套基于Web的项目协作管理软件。该软件具有任务分配、讨论、日志和通知等功能。 PhpCollab 2.5.1及之前的版本中的clients/editclient.php文件存在任意文件上传漏洞。远程攻击者可利用该漏洞上传并访问带有可执行扩展的文件,来执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-6090

#POC DescriptionSource LinkShenlong Link
1Containerized exploitable PhpCollabhttps://github.com/jlk/exploit-CVE-2017-6090POC Details
2PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-6090.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-6090

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-10-02 · 50 CVEs total

CVE-2017-14979Gxlcms 安全漏洞
CVE-2017-13997Schneider Electric InduSoft Web Studio和InTouch Machine Edition 安全漏洞
CVE-2017-14988Industrial Light and Magic OpenEXR 资源管理错误漏洞
CVE-2017-14989ImageMagick 安全漏洞
CVE-2017-8018EMC AppSync Host插件安全漏洞
CVE-2017-8021EMC Elastic Cloud Storage 安全漏洞
CVE-2017-14981ATutor 跨站脚本漏洞
CVE-2017-14985EyesOfNetwork web interface 跨站脚本漏洞
CVE-2017-6089PhpCollab SQL注入漏洞
CVE-2017-14990WordPress 加密问题漏洞
CVE-2017-12792NexusPHP 跨站请求伪造漏洞
CVE-2017-14759OpenText Document Sciences xPression 安全漏洞
CVE-2017-14758OpenText Document Sciences xPression SQL注入漏洞
CVE-2017-14757OpenText Document Sciences xPression SQL注入漏洞
CVE-2017-14756OpenText Document Sciences xPression 跨站脚本漏洞
CVE-2017-14755OpenText Document Sciences xPression 跨站脚本漏洞
CVE-2017-14754OpenText Document Sciences xPression 路径遍历漏洞
CVE-2017-11322UCOPIA Wireless Appliance 权限许可和访问控制问题漏洞
CVE-2017-11321UCOPIA Wireless Appliance 安全漏洞
CVE-2015-7980Drupal Compass Rose模块跨站脚本漏洞

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-6090

No comments yet

Leave a comment