CVE-2013-10040
ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
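A log check for requests to the endpoint named above, added here as an example (not code from the advisory or from the ClipBucket project). The combined access-log format, the constructed sample lines, and the rule that a 2xx POST counts as a probable upload are assumptions of this example.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the advisory text; ClipBucket may sit in a subdirectory,
# so the normalized request path is matched by suffix.
VULN_PATH = "/admin_area/charts/ofc-library/ofc_upload_image.php"

# Assumed format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def normalize(target):
    """Strip the query, percent-decode once, collapse //, ./ and ../, lowercase."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def scan(lines):
    """Return (ip, method, status, verdict) for each request to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalize(m["target"]).endswith(VULN_PATH):
            continue
        # Assumption: a POST answered with 2xx is treated as a probable upload.
        uploaded = m["method"] == "POST" and m["status"].startswith("2")
        verdict = "probable-upload" if uploaded else "probe"
        hits.append((m["ip"], m["method"], int(m["status"]), verdict))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Oct/2013:13:56:01 +0000] '
    '"GET /admin_area/charts/ofc-library/ofc_upload_image.php?t=1 HTTP/1.1" 200 12',
    '198.51.100.23 - - [10/Oct/2013:13:56:04 +0000] '
    '"POST /admin_area/charts/ofc-library/ofc_upload_image.php HTTP/1.1" 200 58',
    '192.0.2.44 - - [10/Oct/2013:14:02:10 +0000] '
    '"POST /video//admin_area/charts/./OFC-library/ofc_upload_image%2Ephp HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Any hit on an installation that serves this path warrants reviewing what files were written under the web root around the same time.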
Affected products
ClipBucket LLC · ClipBucket
Public PoCs found: 2
packetstorm.news/files/id/123480 (cve_reference, unverified)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/clipbucket_upload_exec.rb (cve_reference, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://clipbucket.com/
https://github.com/arslancb/clipbucket
https://packetstorm.news/files/id/123480
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/clipbucket_upload_exec.rb
https://www.vulncheck.com/advisories/clipbucket-arbitrary-file-upload-rce