CVE-2013-4465

{"id": "CVE-2013-4465", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-25T23:55:04.130", "references": [{"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/10/23/6", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/10/25/3", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/63275", "source": "secalert@redhat.com"}, {"url": "https://github.com/SimpleMachines/SMF2.1/issues/701", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}, {"lang": "es", "value": "vulnerabilidad de subida sin restricci\u00f3n de archivos en la funcionalidad avatar upload en Simple Machines Forum antes de 2.0.6 y 2.1 que permite a los usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la carga de un archivo con una extensi\u00f3n ejecutable , y a continuaci\u00f3n, acceder a \u00e9l a trav\u00e9s de una petici\u00f3n directa al archivo en un directorio no especificado ."}], "lastModified": "2023-11-07T02:16:18.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AE3B1FA-5A5A-4261-A4DE-E68B96309997", "versionEndIncluding": "2.0.5"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68BFA80B-10BE-48FA-A9F8-8FC163BBD18D"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C8DC2DE-AC37-4494-ADEC-581D26A34AF9"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559D77F1-149B-4821-952E-2E06D5E3F69F"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1126ED56-1AD9-49AC-9A49-3803912F127E"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46B2AA68-7B2F-4AD3-982D-3CFCEA40643C"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25A66112-67BE-4103-975F-D198698BE50C"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45E1F0FF-F232-4275-ADB7-F94AA3EE8964"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FB14433-1E1A-4FA9-894F-3D79443DE5AB"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A97C8C51-68F1-459D-B03C-B213F68654E1"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54B195D4-40DB-49F5-9AC4-B83D99DE1981"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60F37A70-AA61-4AE0-8920-15ACBE1AEA85"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3C4BC27-5F7E-474E-B474-BFDABFE173FA"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6877EF64-339A-47F6-835D-DC558B3619F5"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6986D103-9B4A-47B5-BAF6-FDA81FC16158"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D15A07F-5513-4925-8312-0603EAF387D2"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "575B6D4F-D694-4DED-AEBB-D34629D41FC8"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62AAD1A1-BB63-4918-B025-3E1ECACDC6FF"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4643B638-C3F6-4CFC-9501-8D7FDC287C8D"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3350A780-870C-4482-879B-1F80676CE2F7"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BE07B07-9CD5-4F30-8F51-A79CCD467FEC"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7087FAD5-5063-4258-84E4-8B430D05AF3A"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BF1364E-1796-43B5-941A-052E3FA63EC6"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F48ABB45-0DD0-4113-B998-E27D246317A8"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACEC624B-F259-4A57-8E75-36101B15AC29"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B533493-36FF-47D2-9924-7277BA3550E4"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA96EA1B-256C-4E42-999B-B2EC30A82E82"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39376239-D851-4614-9F54-4DE077DA2BB6"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BEBAF17-902E-441A-AE39-A2457522866B"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7223B467-DFEC-4D01-9FA4-537151DBD0CC"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FDDA21E-F192-45A0-8E53-1CDC614D58B1"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6932E5C3-47C2-414B-8D79-A2FC70C9DE97"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CD39E15-2741-4B54-B78D-F5C4FBF596DB"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "880D38A1-308F-46F4-A3D9-4278506CD84C"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A709B4-EBAE-4B45-BA9C-F3FB1A787790"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA543E42-55B7-454A-8E65-017DD537DDBB"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5863684-6E4F-4972-B853-A8CECE8FC101"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA503D5C-94A2-43F3-B70A-07539A834850"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDC7978C-B3BE-479C-8733-DDD5100A9CE8"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FBD4174-51EE-4A3A-AE72-297F33F09905"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE7AD0D1-655E-41F7-B40D-B62DAF96D124"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760"}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "774F215A-067D-4597-9EA0-B5393F089062"}], "operator": "OR"}]}], "evaluatorComment": "CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html", "sourceIdentifier": "secalert@redhat.com"}