ACollab SQL injection vulnerability


ACollab is open source web-based groupware and is also available as an add-on for e-learning content management system ATutor. ACollab contains a SQL injection vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products

  • ACollab 1.2 and earlier


A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user.

Development and maintenance of ACollab finished with version 1.2 as of July 6, 2006. However ATutor 1.5.3 includes the almost same functionality as ACollab. Users of ACollab are recommended to swith to ATutor 1.5.3.
Vendor Information

  • ACollab Accessible Collaboration Environment : Top Page
CWE (What is CWE?)

CVE (What is CVE?)


  1. JVN : JVN#73705637
Revision History

  • [2008/05/21]
      Web page published