CVE-2013-10040

Опубликовано: 31 июл. 2025

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.

Ссылки

https://clipbucket.com/
Product
https://github.com/arslancb/clipbucket
Product
https://packetstorm.news/files/id/123480
Exploit
Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/clipbucket_upload_exec.rb
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/clipbucket-arbitrary-file-upload-rce
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clip-bucket:clipbucket:*:*:*:*:*:*:*:*

Версия до 2.6 (включая)

EPSS

Процентиль: 98%

0.60661

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-99x8-h6hx-3fg9