CVE-2013-10067
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-08-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| glossword | glossword | 1.8.9 |
| glossword | glossword | 1.8.11 |
| glossword | glossword | 1.8.10 |
| glossword | glossword | 1.8.8 |
| glossword | glossword | 1.8.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Glossword versions 1.8.8 through 1.8.12, where the administrative interface allows users with administrator privileges to upload files to a specific directory without properly validating the file type and path. This flaw enables attackers to upload malicious PHP files and execute them remotely, leading to remote code execution on the server.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with administrator access to upload and execute arbitrary PHP code on the server, potentially leading to full system compromise, unauthorized data access, data modification, or disruption of service.