PT-2013-4500 · Searchblox · Searchblox

Ricky Roane Jr · Published 2013-08-28 · Updated 2013-10-07 · CVE-2013-3590

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SearchBlox versions prior to 7.5 build 1

Description

The issue allows remote attackers to execute arbitrary code by uploading an executable file with the content type set to image/jpeg to the admin/uploadImage.html endpoint, and then accessing this file via unspecified vectors. This can be demonstrated by accessing a JSP file.

Recommendations

For versions prior to 7.5 build 1, update to version 7.5 build 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/uploadImage.html endpoint to minimize the risk of exploitation. Avoid uploading files with executable content to prevent potential code execution.
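
The weakness described above comes down to an upload handler trusting the content type declared by the client. The following is an added illustration, not SearchBlox code or the vendor's fix: it contrasts that flawed check with one that ignores the declared type and decides by an extension allow-list plus the file's leading bytes. All function names and sample inputs are constructed for this example.

```python
import os
import uuid

# Leading bytes ("magic numbers") of the only formats this handler accepts.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def naive_accept(filename, declared_type, data):
    """Flawed pattern: the decision rests on a header the client controls."""
    return declared_type == "image/jpeg"


def validate_upload(filename, declared_type, data):
    """Return a server-chosen storage name, or raise ValueError.

    declared_type is accepted only to show that it is never consulted.
    """
    # Strip any directory part, whichever separator the client used.
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        raise ValueError("NUL byte in file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC:
        raise ValueError("extension %r is not allowed" % ext)
    if not data.startswith(MAGIC[ext]):
        raise ValueError("content does not match extension %r" % ext)
    # Magic bytes alone do not rule out polyglot files. What keeps the
    # servlet container from treating the upload as a JSP is the vetted
    # extension and a random, server-chosen name; the storage directory
    # should also sit outside any path the container compiles or executes.
    return uuid.uuid4().hex + ext


# Constructed sample inputs (not taken from the advisory).
JSP_BODY = b'<% out.println("hello"); %>'
JPEG_BODY = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    print("naive check accepts page.jsp:",
          naive_accept("page.jsp", "image/jpeg", JSP_BODY))
    for name, body in (("photo.jpg", JPEG_BODY), ("page.jsp", JSP_BODY),
                       ("photo.jpg", JSP_BODY)):
        try:
            print(name, "-> stored as", validate_upload(name, "image/jpeg", body))
        except ValueError as err:
            print(name, "-> rejected:", err)
```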


Related identifiers

CVE-2013-3590

Affected products

Searchblox