MidnightBSD

Advisories for a51dev

CVE-2012-6554 MEDIUM

functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
a51dev activecollab_chat_module 1.0
a51dev activecollab_chat_module 1.1
a51dev activecollab_chat_module 1.4
a51dev activecollab_chat_module 1.1.1
a51dev activecollab_chat_module 1.2
a51dev activecollab_chat_module 1.4.1
a51dev activecollab_chat_module 1.5
a51dev activecollab_chat_module 1.5.1
a51dev activecollab_chat_module 1.3.2
a51dev activecollab_chat_module 1.3