Описание
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-4465
- https://github.com/SimpleMachines/SMF2.1/issues/701
- http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt
- http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt
- http://www.openwall.com/lists/oss-security/2013/10/23/6
- http://www.openwall.com/lists/oss-security/2013/10/25/3
- http://www.securityfocus.com/bid/63275
EPSS
CVE ID
Связанные уязвимости
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
EPSS