CVE-2013-4465

Опубликовано: 25 окт. 2013

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Комментарий

CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*

Версия до 2.0.5 (включая)

cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01085

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7f6x-px6h-jc2v

github

больше 3 лет назад