Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
activeCollab Chat模块远程PHP代码执行漏洞
Vulnerability Description
Chat是塞尔维亚共和国activeCollab公司的一个聊天模块。 activeCollab平台下的Chat模块1.5.2之前版本中的functions/html_to_text.php中存在漏洞,该漏洞源于在以eval转换开关执行preg_replace函数期间,程序没有正确地处理传递至chat/add_messag的message[message_text]参数。通过发送该参数,远程认证攻击者可利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A