CVE-2013-10055

Sažetak

An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/havalite_upload_exec.rb
https://sourceforge.net/projects/havalite/
https://www.exploit-db.com/exploits/26243
https://www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

01-08-2025 - 21:15

Objavljeno

01-08-2025 - 21:15