CVE-2013-10066
Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
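A defender-side check for the pattern described above, as an added example that is not part of the original advisory or the Kordil project: it scans web server access logs (combined log format assumed) for script requests under /userpictures/ and notes whether the same client sent a POST to users_add.php beforehand. The POST method, the 30-minute window, the /kordil_edms/ base path and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Combined/common log format prefix: client, timestamp, method, target, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Extensions a PHP handler mapping may execute (assumption; match your server config).
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)$')
WINDOW = timedelta(minutes=30)  # assumed correlation window

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    client, ts, method, target, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    path = target.split("?", 1)[0].lower()  # drop query string, normalise case
    return client, when, method.upper(), path, int(status)

def find_upload_exec(lines):
    """Return script requests under /userpictures/, marked as correlated when
    the same client POSTed to users_add.php within WINDOW beforehand."""
    uploads = {}   # client -> time of its last POST to users_add.php
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        client, when, method, path, status = rec
        if method == "POST" and path.endswith("/users_add.php"):
            uploads[client] = when
        elif "/userpictures/" in path and SCRIPT_EXT.search(path):
            prior = uploads.get(client)
            correlated = prior is not None and when - prior <= WINDOW
            findings.append({"client": client, "path": path, "status": status,
                             "correlated_upload": correlated})
    return findings

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "POST /kordil_edms/users_add.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /kordil_edms/userpictures/example.php HTTP/1.1" 200 20',
    '203.0.113.9 - - [12/Mar/2024:10:05:00 +0000] "GET /kordil_edms/userpictures/alice.jpg HTTP/1.1" 200 8812',
    '203.0.113.9 - - [12/Mar/2024:11:00:00 +0000] "GET /kordil_edms/userpictures/old.PHP?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in find_upload_exec(SAMPLE):
        print(finding)
```

Any script-extension request under /userpictures/ is worth reviewing on its own, since the directory is meant to hold user pictures; the correlated flag only raises the priority.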
Affected products
Kordil · EDMS
Public PoCs found — 2
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/kordil_edms_upload_exec.rb (cve_reference, unverified)
www.exploit-db.com/exploits/24547 (cve_reference, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/kordil_edms_upload_exec.rb
https://sourceforge.net/projects/kordiledms/
https://www.exploit-db.com/exploits/24547
https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.APP:MSF-KORDIL-EDMS-AFU.html
https://www.vulncheck.com/advisories/kordil-edms-unauth-arbitrary-file-upload