Lucene search

[email protected]CVE-2013-4465

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-4465

2022-10-0316:14:58

[email protected]

web.nvd.nist.gov

cve-2013-4465

nvd

file upload

vulnerability

smf

arbitrary code

executable extension

7.6 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.3%

JSON

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Affected configurations

NVD

Node

simplemachinessimple_machines_forumRange≤2.0.5

simplemachinessimple_machines_forumMatch1.0

simplemachinessimple_machines_forumMatch1.0.1

simplemachinessimple_machines_forumMatch1.0.2

simplemachinessimple_machines_forumMatch1.0.3

simplemachinessimple_machines_forumMatch1.0.4

simplemachinessimple_machines_forumMatch1.0.5

simplemachinessimple_machines_forumMatch1.0.6

simplemachinessimple_machines_forumMatch1.0.7

simplemachinessimple_machines_forumMatch1.0.8

simplemachinessimple_machines_forumMatch1.0.9

simplemachinessimple_machines_forumMatch1.0.10

simplemachinessimple_machines_forumMatch1.0.12

simplemachinessimple_machines_forumMatch1.0.13

simplemachinessimple_machines_forumMatch1.0.14

simplemachinessimple_machines_forumMatch1.0.15

simplemachinessimple_machines_forumMatch1.0.16

simplemachinessimple_machines_forumMatch1.0.17

simplemachinessimple_machines_forumMatch1.0.18

simplemachinessimple_machines_forumMatch1.0.19

simplemachinessimple_machines_forumMatch1.0.20

simplemachinessimple_machines_forumMatch1.0.21

simplemachinessimple_machines_forumMatch1.0.22

simplemachinessimple_machines_forumMatch1.0.23

simplemachinessimple_machines_forumMatch1.1

simplemachinessimple_machines_forumMatch1.1.1

simplemachinessimple_machines_forumMatch1.1.2

simplemachinessimple_machines_forumMatch1.1.3

simplemachinessimple_machines_forumMatch1.1.4

simplemachinessimple_machines_forumMatch1.1.5

simplemachinessimple_machines_forumMatch1.1.6

simplemachinessimple_machines_forumMatch1.1.7

simplemachinessimple_machines_forumMatch1.1.8

simplemachinessimple_machines_forumMatch1.1.9

simplemachinessimple_machines_forumMatch1.1.10

simplemachinessimple_machines_forumMatch1.1.11

simplemachinessimple_machines_forumMatch1.1.12

simplemachinessimple_machines_forumMatch1.1.13

simplemachinessimple_machines_forumMatch1.1.14

simplemachinessimple_machines_forumMatch1.1.15

simplemachinessimple_machines_forumMatch1.1.16

simplemachinessimple_machines_forumMatch1.1.17

simplemachinessimple_machines_forumMatch2.0

simplemachinessimple_machines_forumMatch2.0.1

simplemachinessimple_machines_forumMatch2.0.2

simplemachinessimple_machines_forumMatch2.0.3

simplemachinessimple_machines_forumMatch2.0.4

simplemachinessimple_machines_forumMatch2.1

CPENameOperatorVersion
simplemachines:simple_machines_forumsimplemachines simple machines forumle2.0.5
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.1
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.2
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.3
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.4
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.5
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.6
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.7
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.8

CPE	Name	Operator	Version
simplemachines:simple_machines_forum	simplemachines simple machines forum	le	2.0.5
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.1
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.2
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.3
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.4
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.5
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.6
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.7
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.8

Rows per page:

1-10 of 481

References

download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt

www.openwall.com/lists/oss-security/2013/10/23/6

www.openwall.com/lists/oss-security/2013/10/25/3

www.securityfocus.com/bid/63275

github.com/SimpleMachines/SMF2.1/issues/701

7.6 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2013-4465

cvelist1 prion1 nvd1