CVE-2013-10040

CVE-2013-10040

Information

CVE_ID              : CVE-2013-10040
Severity            : CRITICAL
Published        : 2025-07-31T15:15:33.917
LastModified  : 2025-09-23T23:36:04.290
Updated          : 2025-09-23T23:36:04.290
Status              : Analyzed

Descriptions:

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.


Know Exploitability

Exploitability : False

Vendor Affected

clip-bucket

CVE-2013-10040

V4.0

Score : 10.0
Severity : CRITICAL
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope :
Confidentiality Impact :
Integrity Impact :
Availability Impact :
Exploitability :
Impact Score :

V3.1

Score : 9.8
Severity : CRITICAL
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Exploitability : 3.9
Impact Score : 5.9

V3.0

V2.0

References

https://clipbucket.com/

https://github.com/arslancb/clipbucket

https://packetstorm.news/files/id/123480

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/clipbucket_upload_exec.rb

https://www.vulncheck.com/advisories/clipbucket-arbitrary-file-upload-rce

Vendor Product
clip-bucket
  • clipbucket*****