CVE-2013-10038 Information

Aug 01, 2025 cve

Description

An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication allowing attackers to upload malicious PHP scripts. Once uploaded these scripts can be executed remotely resulting in arbitrary code execution as the web server user.

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/flashchat_upload_exec.rb https://www.exploit-db.com/exploits/28709 https://www.fortiguard.com/encyclopedia/ips/37342/flashchat-arbitrary-file-upload https://www.phpbb.com/community/viewtopic.php?t=2627786 https://www.vulncheck.com/advisories/flashchat-arbitrary-file-upload-rce

CNNVD-202507-3904 (Published: 2025-07-31)

Share on:

CVE-2013-10038 Information

Description

Reference

Related CNNVD