← back
CVE-2012-6554

CVE-2012-6554

EPSS 16.7%
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/18898unverifiedexploitdbwww.exploit-db.com/exploits/18898unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/81966http://secunia.com/advisories/49246https://exchange.xforce.ibmcloud.com/vulnerabilities/75741http://www.activecollab.com/downloads/category/4/package/62/releaseshttp://www.exploit-db.com/exploits/18898http://www.securityfocus.com/bid/53624