4 matches found
CVE-2013-10067 Glossword 1.8.8 - 1.8.12 Arbitrary File Upload RCE
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface gwadmin.php allows users with administrator privileges to upload files to the gwtemp/a/ directory. Due to insufficient...
CVE-2013-10067 Glossword 1.8.8 - 1.8.12 Arbitrary File Upload RCE
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface gwadmin.php allows users with administrator privileges to upload files to the gwtemp/a/ directory. Due to insufficient...
CVE-2013-10067
Glossword (versions 1.8.8–1.8.12) contains an authenticated arbitrary file upload flaw in the gw_admin.php interface. Insufficient validation of file type/path allows an administrator to upload PHP payloads to gw_temp/a/, enabling remote code execution. Public advisories and a Metasploit module r...
PT-2025-31991 · Glossword · Glossword
Name of the Vulnerable Software and Affected Versions: Glossword versions 1.8.8 through 1.8.12 Description: Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface gw admin.php...