CVE-2013-3631 — MEDIUM (6.0)

Q: How severe is CVE-2013-3631?

CVE-2013-3631 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-3631?

Check the references section above for vendor advisories and patch information. Affected products include: Nas4Free Nas4Free.

Vulnerability Description

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.

CVSS Score

6.0

MEDIUM

AV:N/AC:M/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Nas4Free	Nas4Free	<= 9.1.0.1.804

Related Weaknesses (CWE)

CWE-94

References

http://www.kb.cert.org/vuls/id/326830US Government Resource
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-aExploit
http://www.kb.cert.org/vuls/id/326830US Government Resource
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-aExploit

FAQ

What is CVE-2013-3631?

CVE-2013-3631 is a vulnerability with a CVSS score of 6.0 (MEDIUM). NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be...

How severe is CVE-2013-3631?

CVE-2013-3631 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-3631?

Check the references section above for vendor advisories and patch information. Affected products include: Nas4Free Nas4Free.