CVE-2012-6554

Published May 23, 2013

Last updated 7 years ago

Overview

Description: functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "388234B1-F486-4056-8268-0D9BDADDAE69"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14E5A3ED-FA7D-467D-B0ED-E1FED5251BA1"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "195D5DEA-7104-46E8-860F-6B13C9962092"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF3D5982-A134-4471-9051-67C8D9BDF4F9"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFB0C9B9-3D90-4233-9544-F601E9400538"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECAF043D-38D1-4472-B41D-13C7E9650E7B"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80B7D3F3-D4FA-4F86-92FC-B4B46EF827C3"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C42645F-4E55-4175-B543-1FD77E3C7311"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF40ACF9-3797-41A3-BB71-C1AC9DE32B95"
          },
          {
            "criteria": "cpe:2.3:a:a51dev:activecollab_chat_module:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EEEC4B8-6816-41F6-B2C1-1782555AA96C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References