CNNVD-202508-384 Information

CNNVD ID

CNNVD-202508-384

Related CVE

CVE-2013-10067

• CNNVD Published: 2025-08-05

Description (Chinese)

Glossword是DmitrySh个人开发者的一个免费词典应用。 Glossword 1.8.8至1.8.12版本存在安全漏洞，该漏洞源于未验证上传文件类型，可能导致任意文件上传和远程代码执行。

Description (English)

Glossword is a free dictionary application for Dmitry Sh’s personal developer. There is a security loophole in Glossword 1.8.8 to 1.8.12, which stems from the unverified type of upload file, which may lead to any document upload and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-05

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ https://sourceforge.net/projects/glossword/ https://www.exploit-db.com/exploits/24548 https://github.com/glosswordteam/Glossword https://www.exploit-db.com/exploits/24456 https://www.vulncheck.com/advisories/glossword-arbitrary-file-upload-rce https://access.redhat.com/security/cve/cve-2013-10067