CVE-2013-4898

Published Jan 29, 2014

Last updated 11 years ago

Overview

Description
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
Source
cve@mitre.org
NVD status
Analyzed

Risk scores

CVSS 2.0

Type
Primary
Base score
6.5
Impact score
6.4
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Evaluator

Comment
Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"
Impact
-
Solution
-

Configurations