Simple Machines · Simple Machines Forum · CVE-2013-4465
**Name of the Vulnerable Software and Affected Versions**
Simple Machines Forum versions prior to 2.0.6
Simple Machines Forum versions prior to 2.1
**Description**
The avatar upload functionality does not restrict the type of file that can be uploaded (unrestricted file upload). A remote authenticated user can execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file.
**Recommendations**
For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.
For versions prior to 2.1, update to version 2.1 or later to resolve the issue.