Description
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
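The flaw class described above, as an added example that is not Collabtive's code: a denylist check with an assumed set of blocked extensions, next to an allowlist check that accepts only image extensions. The function names, the blocked list and the sample filenames are constructed for illustration.

```php
<?php
// Constructed example: neither function is taken from Collabtive.

// Denylist check of the kind the description refers to: it names the
// extensions it knows about and accepts everything else.
function denylist_accepts(string $filename): bool
{
    $blocked = ['php', 'exe', 'sh']; // assumed list, for illustration only
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Allowlist check: only known image extensions pass, and the stored
// name is generated server-side so the client never chooses it.
// Returns the name to store under, or null when the upload is refused.
function allowlist_store_name(string $filename): ?string
{
    $allowed = ['png', 'jpg', 'jpeg', 'gif'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample filenames, including the four extensions named
// in the description.
$samples = ['me.png', 'a.php', 'a.php3', 'a.php4', 'a.php5',
            'a.phtml', 'a.PhP5', 'a.png.phtml'];

foreach ($samples as $name) {
    printf(
        "%-12s denylist=%-6s allowlist=%s\n",
        $name,
        denylist_accepts($name) ? 'accept' : 'reject',
        allowlist_store_name($name) === null ? 'reject' : 'accept'
    );
}
```

The denylist rejects only `a.php` and accepts every other sample, while the allowlist accepts only `me.png`. An extension allowlist is one layer; storing avatars in a location the web server does not treat as executable covers the case where a check is bypassed.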
Remediation
References