2 matches found
CVE-2013-4465
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecifie...
CVE-2013-4465
The CVE-2013-4465 issue affects Simple Machines Forum (SMF) prior to versions 2.0.6 and 2.1, where the avatar upload functionality permits an unrestricted file upload. The root cause is that an uploaded file with an executable extension can be stored and later retrieved via a direct request to a ...