← back
CVE-2013-3631

CVE-2013-3631

EPSS 12.6%
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/29320unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treatshttp://www.kb.cert.org/vuls/id/326830