Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpCollab 'general/login.php'远程攻击漏洞
Vulnerability Description
phpCollab 是一款项目管理软件,为工作团队提供一种开源的,网络化的工作平台。 phpCollab 2.5 rc3 及其早期版本的general/login.php允许远程攻击者借助与SSL_CLIENT_CERT环境变量相关的未明输入中的外壳元字符,执行任意指令。注意: 在某些环境中, SSL_CLIENT_CERT总是具有一个base64-encoded字符值, 可能会对典型外壳的注入构成限制。
CVSS Information
N/A
Vulnerability Type
N/A