ByteOS Network

NVD Vulnerability Details :

CVE-2013-5353

Deferred

Source-PSIRT-CNA@flexerasoftware.com

Published At-13 Jun, 2014 | 14:55

Updated At-12 Apr, 2025 | 10:46

Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

sharetronix>>sharetronix>>Versions up to 3.1.1(inclusive)

cpe:2.3:a:sharetronix:sharetronix:*:*:*:*:*:*:*:*

sharetronix>>sharetronix>>3.1.1.3

cpe:2.3:a:sharetronix:sharetronix:3.1.1.3:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

Evaluator Description

Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"

References

Hyperlink	Source	Resource
http://osvdb.org/100604	PSIRT-CNA@flexerasoftware.com	N/A
http://secunia.com/advisories/53936	PSIRT-CNA@flexerasoftware.com	N/A
http://secunia.com/secunia_research/2013-9/	PSIRT-CNA@flexerasoftware.com	N/A
http://www.securityfocus.com/bid/64102	PSIRT-CNA@flexerasoftware.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/89502	PSIRT-CNA@flexerasoftware.com	N/A
http://osvdb.org/100604	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/53936	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/secunia_research/2013-9/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/64102	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/89502	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History