CVE-2013-4465
Published Oct 25, 2013
Last updated a year ago
Overview
- Description
- Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:N/AC:H/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AE3B1FA-5A5A-4261-A4DE-E68B96309997",
"versionEndIncluding": "2.0.5"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68BFA80B-10BE-48FA-A9F8-8FC163BBD18D"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C8DC2DE-AC37-4494-ADEC-581D26A34AF9"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "559D77F1-149B-4821-952E-2E06D5E3F69F"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1126ED56-1AD9-49AC-9A49-3803912F127E"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46B2AA68-7B2F-4AD3-982D-3CFCEA40643C"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25A66112-67BE-4103-975F-D198698BE50C"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45E1F0FF-F232-4275-ADB7-F94AA3EE8964"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FB14433-1E1A-4FA9-894F-3D79443DE5AB"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A97C8C51-68F1-459D-B03C-B213F68654E1"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54B195D4-40DB-49F5-9AC4-B83D99DE1981"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60F37A70-AA61-4AE0-8920-15ACBE1AEA85"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3C4BC27-5F7E-474E-B474-BFDABFE173FA"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6877EF64-339A-47F6-835D-DC558B3619F5"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6986D103-9B4A-47B5-BAF6-FDA81FC16158"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D15A07F-5513-4925-8312-0603EAF387D2"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "575B6D4F-D694-4DED-AEBB-D34629D41FC8"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62AAD1A1-BB63-4918-B025-3E1ECACDC6FF"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4643B638-C3F6-4CFC-9501-8D7FDC287C8D"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3350A780-870C-4482-879B-1F80676CE2F7"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BE07B07-9CD5-4F30-8F51-A79CCD467FEC"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7087FAD5-5063-4258-84E4-8B430D05AF3A"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BF1364E-1796-43B5-941A-052E3FA63EC6"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F48ABB45-0DD0-4113-B998-E27D246317A8"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACEC624B-F259-4A57-8E75-36101B15AC29"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B533493-36FF-47D2-9924-7277BA3550E4"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA96EA1B-256C-4E42-999B-B2EC30A82E82"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39376239-D851-4614-9F54-4DE077DA2BB6"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BEBAF17-902E-441A-AE39-A2457522866B"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7223B467-DFEC-4D01-9FA4-537151DBD0CC"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FDDA21E-F192-45A0-8E53-1CDC614D58B1"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6932E5C3-47C2-414B-8D79-A2FC70C9DE97"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CD39E15-2741-4B54-B78D-F5C4FBF596DB"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "880D38A1-308F-46F4-A3D9-4278506CD84C"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2A709B4-EBAE-4B45-BA9C-F3FB1A787790"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA543E42-55B7-454A-8E65-017DD537DDBB"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5863684-6E4F-4972-B853-A8CECE8FC101"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA503D5C-94A2-43F3-B70A-07539A834850"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDC7978C-B3BE-479C-8733-DDD5100A9CE8"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FBD4174-51EE-4A3A-AE72-297F33F09905"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE7AD0D1-655E-41F7-B40D-B62DAF96D124"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760"
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "774F215A-067D-4597-9EA0-B5393F089062"
}
],
"operator": "OR"
}
]
}
]