Vulnerability Details : CVE-2013-4465
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-4465
Probability of exploitation activity in the next 30 days: 0.71%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4465
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:N/AC:H/Au:S/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2013-4465
-
http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt
Thanks!
-
http://www.securityfocus.com/bid/63275
SMF CVE-2013-4465 Unspecified Arbitrary File Upload Vulnerability
-
http://www.openwall.com/lists/oss-security/2013/10/25/3
oss-security - Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability
-
https://github.com/SimpleMachines/SMF2.1/issues/701
Remote Shell Upload Vulnerability · Issue #701 · SimpleMachines/SMF2.1 · GitHub
-
http://www.openwall.com/lists/oss-security/2013/10/23/6
oss-security - Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability
Products affected by CVE-2013-4465
- cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*