CVE-2013-5353

Published Jun 13, 2014

Last updated 7 years ago

Overview

Description: Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sharetronix:sharetronix:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83A29AD3-BAC1-4A52-ABC6-D7CD339D6FFB",
            "versionEndIncluding": "3.1.1"
          },
          {
            "criteria": "cpe:2.3:a:sharetronix:sharetronix:3.1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C243542-8484-4A49-9CE7-C87B234B4395"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References