Vulnerability Description
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Searchblox | Searchblox | <= 7.5 |
References
- http://buddhalabs.com/Advisories/WebAdvisories.html
- http://www.kb.cert.org/vuls/id/592942US Government Resource
- http://www.searchblox.com/developers-2/change-log
- http://buddhalabs.com/Advisories/WebAdvisories.html
- http://www.kb.cert.org/vuls/id/592942US Government Resource
- http://www.searchblox.com/developers-2/change-log
FAQ
What is CVE-2013-3590?
CVE-2013-3590 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg ...
How severe is CVE-2013-3590?
CVE-2013-3590 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3590?
Check the references section above for vendor advisories and patch information. Affected products include: Searchblox Searchblox.