CVE-2008-4305

Published: Dec 23, 2008Modified: Apr 23, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI.

Affected (4)

Products: Php Collab: Php Collab

Php Collab

1 product

Php Collab

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Php Collab Php Collab	Up to 2.5
Php Collab Php Collab	Version 2.2
Php Collab Php Collab	Version 2.3
Php Collab Php Collab	Version 2.4

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://bugs.gentoo.org/show_bug.cgi?id=235052

Source: secalert@redhat.com

http://secunia.com/advisories/19449

Source: secalert@redhat.com

http://secunia.com/advisories/33258

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200812-20.xml

Source: secalert@redhat.com

http://www.securityfocus.com/bid/32964

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/47521

Source: secalert@redhat.com

http://bugs.gentoo.org/show_bug.cgi?id=235052