PT-2013-5028 · Simple Machines · Simple Machines Forum
Henryhoggard
·
Publicado
2013-10-25
·
Atualizado
2013-10-28
·
CVE-2013-4465
CVSS v2.0
4.6
Média
| Vetor | AV:N/AC:H/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Simple Machines Forum versions prior to 2.0.6
Simple Machines Forum versions prior to 2.1
Description
The issue is related to an unrestricted file upload vulnerability in the avatar upload functionality. This allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file.
Recommendations
For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.
For versions prior to 2.1, update to version 2.1 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Simple Machines Forum