Vulnerability Description
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplemachines | Simple Machines Forum | <= 2.0.5 |
References
- http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changel
- http://www.openwall.com/lists/oss-security/2013/10/23/6
- http://www.openwall.com/lists/oss-security/2013/10/25/3
- http://www.securityfocus.com/bid/63275
- https://github.com/SimpleMachines/SMF2.1/issues/701
- http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changel
- http://www.openwall.com/lists/oss-security/2013/10/23/6
- http://www.openwall.com/lists/oss-security/2013/10/25/3
- http://www.securityfocus.com/bid/63275
- https://github.com/SimpleMachines/SMF2.1/issues/701
FAQ
What is CVE-2013-4465?
CVE-2013-4465 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file ...
How severe is CVE-2013-4465?
CVE-2013-4465 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4465?
Check the references section above for vendor advisories and patch information. Affected products include: Simplemachines Simple Machines Forum.