CVE-2013-10047
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| miniweb | http_server | 300 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unrestricted file upload issue in MiniWeb HTTP Server versions up to Build 300. It allows unauthenticated remote attackers to upload arbitrary files to the server's filesystem. By exploiting the upload handler and using a crafted traversal path, an attacker can place malicious executable files in critical system directories, such as system32 and the WMI directory. This leads to execution of the malicious payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit only works on Windows versions prior to Vista.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to gain SYSTEM-level privileges on the affected server by uploading and executing malicious files. This can lead to full compromise of the system, unauthorized access, data theft, disruption of services, and potentially further attacks within the network.