CVE-2013-3590

Published Aug 28, 2013

Last updated 11 years ago

CVSS info 6.8

Overview

Description: Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
Source: cret@cert.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DB33F2D-97DC-49F0-8FDC-CECDDC75D615",
            "versionEndIncluding": "7.5"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:6.2:build_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B15DEE8A-A32C-474F-B0D6-5DDFD962419A"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:6.3:build_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3E78772-7D6D-4824-BC0F-1B1168781DF9"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C79862E7-D02A-4CAE-854C-FA16244111F0"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:6.4:build_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEC596B5-859F-44DE-8068-C7D8111577C8"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7ADDFFC-6373-448A-AC2A-D48821A46C3E"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A603908-F326-4F63-8BD6-4D8A140EFC60"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E20F4C1A-892B-4B5E-B984-CDE59D025889"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DCC2126-6DA4-4838-B049-781215A2EC04"
          },
          {
            "criteria": "cpe:2.3:a:searchblox:searchblox:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6CD5C63-10CA-4A93-8E28-BDAA70C03378"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References