CVE-2013-3631

Name of the Vulnerable Software and Affected Versions NAS4Free versions 9.1.0.1.804 and earlier

Description The issue allows remote authenticated users to execute arbitrary PHP code via a request to "exec.php", which is part of the "Advanced | Execute Command" feature. It appears this might be intentionally-exposed functionality by the developer and is allowed within the intended security policy.

Recommendations For NAS4Free versions 9.1.0.1.804 and earlier, consider restricting access to the "exec.php" endpoint to minimize the risk of exploitation, as it allows the execution of arbitrary PHP code.