Lucene search

RedhatCVE-2013-4465

HistoryOct 25, 2013 - 11:55 p.m.

CVE-2013-4465

2013-10-2523:55:04

redhat

web.nvd.nist.gov

cve-2013-4465

nvd

file upload

vulnerability

smf

arbitrary code

executable extension

CVSS2

4.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.007

Percentile

81.1%

JSON

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Affected configurations

Nvd

Node

simplemachinessimple_machines_forumRange≤2.0.5

simplemachinessimple_machines_forumMatch1.0

simplemachinessimple_machines_forumMatch1.0.1

simplemachinessimple_machines_forumMatch1.0.2

simplemachinessimple_machines_forumMatch1.0.3

simplemachinessimple_machines_forumMatch1.0.4

simplemachinessimple_machines_forumMatch1.0.5

simplemachinessimple_machines_forumMatch1.0.6

simplemachinessimple_machines_forumMatch1.0.7

simplemachinessimple_machines_forumMatch1.0.8

simplemachinessimple_machines_forumMatch1.0.9

simplemachinessimple_machines_forumMatch1.0.10

simplemachinessimple_machines_forumMatch1.0.12

simplemachinessimple_machines_forumMatch1.0.13

simplemachinessimple_machines_forumMatch1.0.14

simplemachinessimple_machines_forumMatch1.0.15

simplemachinessimple_machines_forumMatch1.0.16

simplemachinessimple_machines_forumMatch1.0.17

simplemachinessimple_machines_forumMatch1.0.18

simplemachinessimple_machines_forumMatch1.0.19

simplemachinessimple_machines_forumMatch1.0.20

simplemachinessimple_machines_forumMatch1.0.21

simplemachinessimple_machines_forumMatch1.0.22

simplemachinessimple_machines_forumMatch1.0.23

simplemachinessimple_machines_forumMatch1.1

simplemachinessimple_machines_forumMatch1.1.1

simplemachinessimple_machines_forumMatch1.1.2

simplemachinessimple_machines_forumMatch1.1.3

simplemachinessimple_machines_forumMatch1.1.4

simplemachinessimple_machines_forumMatch1.1.5

simplemachinessimple_machines_forumMatch1.1.6

simplemachinessimple_machines_forumMatch1.1.7

simplemachinessimple_machines_forumMatch1.1.8

simplemachinessimple_machines_forumMatch1.1.9

simplemachinessimple_machines_forumMatch1.1.10

simplemachinessimple_machines_forumMatch1.1.11

simplemachinessimple_machines_forumMatch1.1.12

simplemachinessimple_machines_forumMatch1.1.13

simplemachinessimple_machines_forumMatch1.1.14

simplemachinessimple_machines_forumMatch1.1.15

simplemachinessimple_machines_forumMatch1.1.16

simplemachinessimple_machines_forumMatch1.1.17

simplemachinessimple_machines_forumMatch2.0

simplemachinessimple_machines_forumMatch2.0.1

simplemachinessimple_machines_forumMatch2.0.2

simplemachinessimple_machines_forumMatch2.0.3

simplemachinessimple_machines_forumMatch2.0.4

simplemachinessimple_machines_forumMatch2.1

VendorProductVersionCPE
simplemachinessimple_machines_forum*cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.1cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.2cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.3cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.4cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.5cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.6cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.7cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*
simplemachinessimple_machines_forum1.0.8cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simplemachines	simple_machines_forum	*	cpe:2.3:a:simplemachines:simple_machines_forum::::::::
simplemachines	simple_machines_forum	1.0	cpe:2.3:a:simplemachines:simple_machines_forum:1.0:::::::*
simplemachines	simple_machines_forum	1.0.1	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:::::::*
simplemachines	simple_machines_forum	1.0.2	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:::::::*
simplemachines	simple_machines_forum	1.0.3	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:::::::*
simplemachines	simple_machines_forum	1.0.4	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:::::::*
simplemachines	simple_machines_forum	1.0.5	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:::::::*
simplemachines	simple_machines_forum	1.0.6	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:::::::*
simplemachines	simple_machines_forum	1.0.7	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:::::::*
simplemachines	simple_machines_forum	1.0.8	cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:::::::*

Rows per page:

1-10 of 481

References

download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt

www.openwall.com/lists/oss-security/2013/10/23/6

www.openwall.com/lists/oss-security/2013/10/25/3

www.securityfocus.com/bid/63275

github.com/SimpleMachines/SMF2.1/issues/701

CVSS2

4.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.007

Percentile

81.1%

JSON

Related for CVE-2013-4465