CVE-2013-10038

Sažetak

An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/flashchat_upload_exec.rb
https://www.exploit-db.com/exploits/28709
https://www.fortiguard.com/encyclopedia/ips/37342/flashchat-arbitrary-file-upload
https://www.phpbb.com/community/viewtopic.php?t=2627786
https://www.vulncheck.com/advisories/flashchat-arbitrary-file-upload-rce

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

31-07-2025 - 18:42

Objavljeno

31-07-2025 - 15:15