CVE-2013-3590

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
searchbloxsearchblox
𝑥
≤ 7.5
searchbloxsearchblox
6.2:build_1
searchbloxsearchblox
6.3:build_1
searchbloxsearchblox
6.4:build_1
searchbloxsearchblox
6.4:build_2
searchbloxsearchblox
7.0
searchbloxsearchblox
7.1
searchbloxsearchblox
7.2
searchbloxsearchblox
7.3
searchbloxsearchblox
7.4
𝑥
= Vulnerable software versions
References
http://buddhalabs.com/Advisories/WebAdvisories.html
http://www.kb.cert.org/vuls/id/592942
http://www.searchblox.com/developers-2/change-log
http://buddhalabs.com/Advisories/WebAdvisories.html
http://www.kb.cert.org/vuls/id/592942
http://www.searchblox.com/developers-2/change-log