Intrusion Prevention

Active.Collab.Chat.Module.PHP.Code.Injection

Description

This indicates an attack attempt against a PHP Code Injection vulnerability in
Active Collab.
The vulnerability is caused by an error when the software handles a malicious "POST" request. It allows a remote attacker to execute arbitrary code via sending a crafted request.

Affected Products

Active Collab chat module 2.3.8 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version available from the website.
http://www.activecollab.com/downloads/category/4/package/62/releases

CVE References

CVE-2012-6554