CVE-2013-10040

CVE-2013-10040

Information

CVE_ID              : CVE-2013-10040
Severity            : CRITICAL
Published        : 2025-07-31T15:15:33.917
LastModified  : 2025-07-31T18:42:37.870
Updated          : 2025-07-31T18:42:37.870
Status              : Awaiting Analysis

Descriptions:

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.


Know Exploitability

Exploitability : False

Vendor Affected

CVE-2013-10040

V4.0

Score : 10.0
Severity : CRITICAL
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope :
Confidentiality Impact :
Integrity Impact :
Availability Impact :
Exploitability :
Impact Score :

V3.1

V3.0

V2.0

References

https://clipbucket.com/

https://github.com/arslancb/clipbucket

https://packetstorm.news/files/id/123480

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/clipbucket_upload_exec.rb

https://www.vulncheck.com/advisories/clipbucket-arbitrary-file-upload-rce

Vendor Product