CVE-2013-3590

Published: Aug 28, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

Affected (10)

Products: Searchblox: Searchblox

Searchblox

1 product

Searchblox

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Searchblox Searchblox	Up to 7.5
Searchblox Searchblox	Version 6.2 build_1
Searchblox Searchblox	Version 6.3 build_1
Searchblox Searchblox	Version 6.4 build_1
Searchblox Searchblox	Version 6.4 build_2
Searchblox Searchblox	Version 7.0
Searchblox Searchblox	Version 7.1
Searchblox Searchblox	Version 7.2
Searchblox Searchblox	Version 7.3
Searchblox Searchblox	Version 7.4

References (6)

http://buddhalabs.com/Advisories/WebAdvisories.html

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/592942

Source: cret@cert.org

US Government Resource

http://www.searchblox.com/developers-2/change-log

Source: cret@cert.org

http://buddhalabs.com/Advisories/WebAdvisories.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/592942

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.searchblox.com/developers-2/change-log

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.