Lucene search
MitreCVE-2013-4898HistoryJan 29, 2014 - 6:55 p.m.
CVE-2013-4898
2014-01-2918:55:26
mitre
web.nvd.nist.gov
37
cve-2013-4898
unrestricted file upload
timeline plugin
socialengine
arbitrary code execution
security vulnerability
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.006
Percentile
79.5%
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
Affected configurations
Node
webhivetimelineMatch4.2.5p9
socialenginesocialengineMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| webhive | timeline | 4.2.5 | cpe:2.3:a:webhive:timeline:4.2.5:p9:*:*:*:*:*:* |
| socialengine | socialengine | - | cpe:2.3:a:socialengine:socialengine:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-4898
2014-01-29 18:00:00
exploitpack
exploitpack
SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload
2013-08-02 00:00:00
exploitdb
exploitdb
SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload
2013-08-02 00:00:00
nvd
nvd
CVE-2013-4898
2014-01-29 18:55:26
packetstorm
packetstorm
SocialEngine 4.5 Shell Upload
2013-08-07 00:00:00
prion
prion
Unrestricted file upload
2014-01-29 18:55:00
zdt
zdt
SocialEngine 4.5 Shell Upload Vulnerability
2013-08-07 00:00:00
securityvulns
securityvulns
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.006
Percentile
79.5%
Related for CVE-2013-4898