{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/SimpleMachines/SMF2.1/issues/701"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"}, {"name": "63275", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63275"}, {"name": "[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"}, {"name": "[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/SimpleMachines/SMF2.1/issues/701", "refsource": "CONFIRM", "url": "https://github.com/SimpleMachines/SMF2.1/issues/701"}, {"name": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt", "refsource": "CONFIRM", "url": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"}, {"name": "63275", "refsource": "BID", "url": "http://www.securityfocus.com/bid/63275"}, {"name": "[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"}, {"name": "[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4465", "datePublished": "2022-10-03T16:14:58", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE3B1FA-5A5A-4261-A4DE-E68B96309997", "versionEndIncluding": "2.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "68BFA80B-10BE-48FA-A9F8-8FC163BBD18D", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C8DC2DE-AC37-4494-ADEC-581D26A34AF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "559D77F1-149B-4821-952E-2E06D5E3F69F", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1126ED56-1AD9-49AC-9A49-3803912F127E", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "46B2AA68-7B2F-4AD3-982D-3CFCEA40643C", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "25A66112-67BE-4103-975F-D198698BE50C", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "45E1F0FF-F232-4275-ADB7-F94AA3EE8964", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5FB14433-1E1A-4FA9-894F-3D79443DE5AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A97C8C51-68F1-459D-B03C-B213F68654E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "54B195D4-40DB-49F5-9AC4-B83D99DE1981", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "60F37A70-AA61-4AE0-8920-15ACBE1AEA85", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "D3C4BC27-5F7E-474E-B474-BFDABFE173FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "6877EF64-339A-47F6-835D-DC558B3619F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "6986D103-9B4A-47B5-BAF6-FDA81FC16158", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "4D15A07F-5513-4925-8312-0603EAF387D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "575B6D4F-D694-4DED-AEBB-D34629D41FC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "62AAD1A1-BB63-4918-B025-3E1ECACDC6FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "4643B638-C3F6-4CFC-9501-8D7FDC287C8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "3350A780-870C-4482-879B-1F80676CE2F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "5BE07B07-9CD5-4F30-8F51-A79CCD467FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "7087FAD5-5063-4258-84E4-8B430D05AF3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BF1364E-1796-43B5-941A-052E3FA63EC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F48ABB45-0DD0-4113-B998-E27D246317A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "ACEC624B-F259-4A57-8E75-36101B15AC29", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B533493-36FF-47D2-9924-7277BA3550E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA96EA1B-256C-4E42-999B-B2EC30A82E82", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "39376239-D851-4614-9F54-4DE077DA2BB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "3BEBAF17-902E-441A-AE39-A2457522866B", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "7223B467-DFEC-4D01-9FA4-537151DBD0CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9FDDA21E-F192-45A0-8E53-1CDC614D58B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "6932E5C3-47C2-414B-8D79-A2FC70C9DE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9CD39E15-2741-4B54-B78D-F5C4FBF596DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "880D38A1-308F-46F4-A3D9-4278506CD84C", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2A709B4-EBAE-4B45-BA9C-F3FB1A787790", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "DA543E42-55B7-454A-8E65-017DD537DDBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "C5863684-6E4F-4972-B853-A8CECE8FC101", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA503D5C-94A2-43F3-B70A-07539A834850", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDC7978C-B3BE-479C-8733-DDD5100A9CE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FBD4174-51EE-4A3A-AE72-297F33F09905", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FE7AD0D1-655E-41F7-B40D-B62DAF96D124", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "774F215A-067D-4597-9EA0-B5393F089062", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}, {"lang": "es", "value": "vulnerabilidad de subida sin restricci\u00f3n de archivos en la funcionalidad avatar upload en Simple Machines Forum antes de 2.0.6 y 2.1 que permite a los usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la carga de un archivo con una extensi\u00f3n ejecutable , y a continuaci\u00f3n, acceder a \u00e9l a trav\u00e9s de una petici\u00f3n directa al archivo en un directorio no especificado ."}], "evaluatorComment": "CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html", "id": "CVE-2013-4465", "lastModified": "2023-11-07T02:16:18.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-25T23:55:04.130", "references": [{"source": "secalert@redhat.com", "url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63275"}, {"source": "secalert@redhat.com", "url": "https://github.com/SimpleMachines/SMF2.1/issues/701"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}