CVE-2013-3590

Severity

68%

Complexity

86%

Confidentiality

106%

Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Searchblox

First reported 11 years ago

2013-08-28 13:09:00

Last updated 11 years ago

2013-10-07 18:01:00

Affected Software

Searchblox 6.2 build 1

6.2

Searchblox 6.3 build 1

6.3

Searchblox 6.4 build 1

6.4

Searchblox 6.4 build 2

6.4

Searchblox 7.0

7.0

Searchblox 7.1

7.1

Searchblox 7.2

7.2

Searchblox 7.3

7.3

Searchblox 7.4

7.4

References

http://buddhalabs.com/Advisories/WebAdvisories.html

VU#592942

US Government Resource

http://www.searchblox.com/developers-2/change-log

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.