CVE-2013-10038
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-07-31
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flashchat | flashchat | 6.0.4 |
| flashchat | flashchat | 6.0.8 |
| flashchat | flashchat | 6.0.2 |
| flashchat | flashchat | 6.0.5 |
| flashchat | flashchat | 6.0.6 |
| flashchat | flashchat | 6.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated arbitrary file upload issue in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint does not properly validate file types or require authentication, allowing attackers to upload malicious PHP scripts. These scripts can then be executed remotely, leading to arbitrary code execution with the privileges of the web server user.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to upload and execute malicious code on the affected server without authentication. This can lead to full compromise of the web server, unauthorized access to data, disruption of services, and potentially further attacks within the network.