Vulnerability Description
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webhive | Timeline | 4.2.5 |
| Socialengine | Socialengine | - |
References
- http://www.exploit-db.com/exploits/27272/Exploit
- http://www.securityfocus.com/archive/1/527791
- http://www.exploit-db.com/exploits/27272/Exploit
- http://www.securityfocus.com/archive/1/527791
FAQ
What is CVE-2013-4898?
CVE-2013-4898 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file ...
How severe is CVE-2013-4898?
CVE-2013-4898 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4898?
Check the references section above for vendor advisories and patch information. Affected products include: Webhive Timeline, Socialengine Socialengine.