Simple Machines Forum
CVE-2013-4465
MEDIUM
Severity by source
AV:N/AC:H/Au:S/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:H/Au:S/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
AnalysisAI
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. Affected products include: Simplemachines Simple Machines Forum. Version information: before 2.0.6.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Simple Machines Forum
View allSimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use th
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.
A vulnerability was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users vi
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unic
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks v
A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.1), t
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today