Skip to main content

Simple Machines Forum CVE-2013-4465

MEDIUM
2013-10-25 secalert@redhat.com
4.6
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:H/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 25, 2013 - 23:55 cve.org
MEDIUM 4.6

DescriptionCVE.org

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

AnalysisAI

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. Affected products include: Simplemachines Simple Machines Forum. Version information: before 2.0.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-26982 HIGH POC
7.2 Apr 05

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting

CVE-2016-5726 CRITICAL
9.8 Feb 09

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec

CVE-2018-10305 CRITICAL
9.8 Apr 24

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use th

CVE-2024-7438 MEDIUM POC
5.3 Aug 03

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.

CVE-2024-7437 MEDIUM POC
5.3 Aug 03

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.

CVE-2025-2583 MEDIUM POC
5.1 Mar 21

A vulnerability was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely

CVE-2016-5727 HIGH
8.8 Feb 09

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec

CVE-2013-7235 HIGH
7.5 Apr 29

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users vi

CVE-2013-7236 HIGH
7.5 Apr 29

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unic

CVE-2013-7234 MEDIUM
4.3 Apr 29

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks v

CVE-2025-2582 MEDIUM POC
5.1 Mar 21

A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.1), t

Share

CVE-2013-4465 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy