Unrestricted File Upload Vulnerability in Simple Machines Forum
CVE-2013-4465

Currently unrated

Key Information:

Vendor

Simplemachines

Status
Simple Machines Forum
Vendor
CVE Published:
25 October 2013

What is CVE-2013-4465?

The vulnerability in the avatar upload functionality of Simple Machines Forum allows remote authenticated users to upload files with executable extensions, facilitating the potential execution of arbitrary code. This risk arises when such malicious files are accessed through direct requests, providing an avenue for attackers to exploit the system. Affected users should upgrade to version 2.0.6 or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/SimpleMachines/SMF2.1/issues/701
x_refsource_CONFIRM
http://download.simplemachines.org/index.php?thanks%3Bfil...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/63275
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.