Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI.Referenceshttp://secunia.com/advisories/19449http://bugs.gentoo.org/show_bug.cgi?id=235052http://www.securityfocus.com/bid/32964https://exchange.xforce.ibmcloud.com/vulnerabilities/47521http://security.gentoo.org/glsa/glsa-200812-20.xmlhttp://secunia.com/advisories/33258
