Vulnerability Name: CVE-2013-4465

Assigned: 2013-06-12
Published: 2013-10-21
Updated: 2013-10-28
Summary: Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVSS v3 Severity: 4.6 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.0 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
References:

Source: CONFIRM
Type: UNKNOWN
http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt

Source: MLIST
Type: UNKNOWN
[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability

Source: MLIST
Type: UNKNOWN
[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability

Source: BID
Type: UNKNOWN
63275

Source: XF
Type: UNKNOWN
simplemachinesforum-avatar-file-upload(88250)

Source: CONFIRM
Type: UNKNOWN
https://github.com/SimpleMachines/SMF2.1/issues/701

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*

  • Denotes that component is vulnerable