Collabtive 0.4.8 Multiple Vulnerabilities - EDB Advisory

10 November 2008

Event: N/A

What: CVE

cve vulnerability collabtive xss authentication-bypass file-upload security-research advisory

On November 10, 2008, Exploit-DB published an advisory, written by the USH team, on multiple vulnerabilities in the Collabtive 0.4.8 project management platform. The authors include Francesco “ascii” Ongaro, Antonio “s4tan” Parata, and Giovanni “evilaliv3” Pellerano. The identified flaws were stored cross-site scripting, authentication bypass, and arbitrary file upload, rated high severity (CVSS 8/10). The advisory highlighted the possibility of server-side code execution through .php files uploaded via the file upload flaw. The vendor had not released patches at the time of disclosure. Ongaro was also credited as the document’s author and copyright holder.
