CVE-2013-10055

An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/havalite_upload_exec.rb
https://sourceforge.net/projects/havalite/
https://www.exploit-db.com/exploits/26243
https://www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce
https://www.exploit-db.com/exploits/26243

Configurations

No configuration.

History

04 Aug 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/26243 -~~	() https://www.exploit-db.com/exploits/26243 -

04 Aug 2025, 15:06

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de carga arbitraria de archivos no autenticados en Havalite CMS versión 1.1.7 (y posiblemente anteriores) en el script upload.php. La aplicación no aplica las comprobaciones de validación y autenticación de la extensión de archivo, lo que permite a atacantes remotos cargar archivos PHP maliciosos mediante una solicitud POST multipart/form-data manipulada. Una vez cargado, el atacante puede acceder al archivo directamente en havalite/tmp/files/, lo que provoca la ejecución remota de código.

01 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-01 21:15

Updated : 2025-08-04 15:15

NVD link : CVE-2013-10055

Mitre link : CVE-2013-10055

CVE.ORG link : CVE-2013-10055

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2013-10055", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-01T21:15:27.473", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/havalite_upload_exec.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://sourceforge.net/projects/havalite/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/26243", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/26243", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution."}, {"lang": "es", "value": "Existe una vulnerabilidad de carga arbitraria de archivos no autenticados en Havalite CMS versi\u00f3n 1.1.7 (y posiblemente anteriores) en el script upload.php. La aplicaci\u00f3n no aplica las comprobaciones de validaci\u00f3n y autenticaci\u00f3n de la extensi\u00f3n de archivo, lo que permite a atacantes remotos cargar archivos PHP maliciosos mediante una solicitud POST multipart/form-data manipulada. Una vez cargado, el atacante puede acceder al archivo directamente en havalite/tmp/files/, lo que provoca la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-08-04T15:15:30.477", "sourceIdentifier": "disclosure@vulncheck.com"}