NVD

Id
40065  
Name
CVE-2013-4465  
Description
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.  
Reject
 
CVSS Version
2  
CVSS Score
4.6  
Severity
Medium  
CVSS Base Score
4.6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:N/AC:H/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-10-25  
Modified Date
2013-10-28  
Seq
2013-4465  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
203830 40065 CVE-2013-4465 http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt  View
203831 40065 CVE-2013-4465 [oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability  View
203832 40065 CVE-2013-4465 [oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability  View
203833 40065 CVE-2013-4465 63275  View
203834 40065 CVE-2013-4465 https://github.com/SimpleMachines/SMF2.1/issues/701  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
23323 JVNDB-2013-004898 Simple Machines Forum のアバターアップロード機能における任意のコードを実行される脆弱性 Simple Machines Forum のアバターアップロード機能には、ファイルをアップロードされることにより、任意のコードを実行される脆弱性が存在します。 CVE-2013-4465 64407 CVE-2013-4465 40065 4.6 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004898.html 2013-10-22 2013-10-29 View