{"api_version":"1","generated_at":"2026-07-16T20:52:12+00:00","cve":"CVE-2013-4465","urls":{"html":"https://cve.report/CVE-2013-4465","api":"https://cve.report/api/cve/CVE-2013-4465.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4465","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4465"},"summary":{"title":"CVE-2013-4465","description":"Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.","state":"PUBLISHED","assigner":"redhat","published_at":"2013-10-25 23:55:04","updated_at":"2026-04-29 01:13:23"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:N/AC:H/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:P/I:P/A:P","baseScore":4.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://github.com/SimpleMachines/SMF2.1/issues/701","name":"https://github.com/SimpleMachines/SMF2.1/issues/701","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Remote Shell Upload Vulnerability · Issue #701 · SimpleMachines/SMF2.1 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/63275","name":"http://www.securityfocus.com/bid/63275","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SMF CVE-2013-4465 Unspecified Arbitrary File Upload Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2013/10/23/6","name":"http://www.openwall.com/lists/oss-security/2013/10/23/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE Request: Simple Machines Forum (SMF) Remote\n file inclusion vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2013/10/25/3","name":"http://www.openwall.com/lists/oss-security/2013/10/25/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE Request: Simple Machines Forum (SMF) Remote\n file inclusion vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt","name":"http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SMF Downloads","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt","name":"CONFIRM:http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt","refsource":"MITRE","tags":[],"title":"SMF Downloads","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4465","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4465","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"1.1.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"2.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"2.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4465","vulnerable":"1","versionEndIncluding":"2.0.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simplemachines","cpe5":"simple_machines_forum","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T16:45:14.621Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/SimpleMachines/SMF2.1/issues/701"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"},{"name":"63275","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/63275"},{"name":"[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/10/25/3"},{"name":"[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/10/23/6"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2013-10-25T23:00:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/SimpleMachines/SMF2.1/issues/701"},{"tags":["x_refsource_CONFIRM"],"url":"http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"},{"name":"63275","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/63275"},{"name":"[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/10/25/3"},{"name":"[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/10/23/6"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2013-4465","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/SimpleMachines/SMF2.1/issues/701","refsource":"CONFIRM","url":"https://github.com/SimpleMachines/SMF2.1/issues/701"},{"name":"http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt","refsource":"CONFIRM","url":"http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"},{"name":"63275","refsource":"BID","url":"http://www.securityfocus.com/bid/63275"},{"name":"[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2013/10/25/3"},{"name":"[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2013/10/23/6"}]}}}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-4465","datePublished":"2013-10-25T23:00:00.000Z","dateReserved":"2013-06-12T00:00:00.000Z","dateUpdated":"2024-09-16T22:09:41.285Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2013-10-25 23:55:04","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:P/I:P/A:P","baseScore":4.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.5","matchCriteriaId":"4AE3B1FA-5A5A-4261-A4DE-E68B96309997"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*","matchCriteriaId":"68BFA80B-10BE-48FA-A9F8-8FC163BBD18D"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5C8DC2DE-AC37-4494-ADEC-581D26A34AF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"559D77F1-149B-4821-952E-2E06D5E3F69F"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1126ED56-1AD9-49AC-9A49-3803912F127E"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"46B2AA68-7B2F-4AD3-982D-3CFCEA40643C"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*","matchCriteriaId":"25A66112-67BE-4103-975F-D198698BE50C"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*","matchCriteriaId":"45E1F0FF-F232-4275-ADB7-F94AA3EE8964"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*","matchCriteriaId":"5FB14433-1E1A-4FA9-894F-3D79443DE5AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*","matchCriteriaId":"A97C8C51-68F1-459D-B03C-B213F68654E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*","matchCriteriaId":"54B195D4-40DB-49F5-9AC4-B83D99DE1981"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*","matchCriteriaId":"60F37A70-AA61-4AE0-8920-15ACBE1AEA85"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*","matchCriteriaId":"D3C4BC27-5F7E-474E-B474-BFDABFE173FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*","matchCriteriaId":"6877EF64-339A-47F6-835D-DC558B3619F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*","matchCriteriaId":"6986D103-9B4A-47B5-BAF6-FDA81FC16158"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*","matchCriteriaId":"4D15A07F-5513-4925-8312-0603EAF387D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*","matchCriteriaId":"575B6D4F-D694-4DED-AEBB-D34629D41FC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*","matchCriteriaId":"62AAD1A1-BB63-4918-B025-3E1ECACDC6FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*","matchCriteriaId":"4643B638-C3F6-4CFC-9501-8D7FDC287C8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*","matchCriteriaId":"3350A780-870C-4482-879B-1F80676CE2F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*","matchCriteriaId":"5BE07B07-9CD5-4F30-8F51-A79CCD467FEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*","matchCriteriaId":"7087FAD5-5063-4258-84E4-8B430D05AF3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*","matchCriteriaId":"9BF1364E-1796-43B5-941A-052E3FA63EC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"F48ABB45-0DD0-4113-B998-E27D246317A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"ACEC624B-F259-4A57-8E75-36101B15AC29"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"8B533493-36FF-47D2-9924-7277BA3550E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"CA96EA1B-256C-4E42-999B-B2EC30A82E82"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"39376239-D851-4614-9F54-4DE077DA2BB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"3BEBAF17-902E-441A-AE39-A2457522866B"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"7223B467-DFEC-4D01-9FA4-537151DBD0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*","matchCriteriaId":"9FDDA21E-F192-45A0-8E53-1CDC614D58B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*","matchCriteriaId":"6932E5C3-47C2-414B-8D79-A2FC70C9DE97"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*","matchCriteriaId":"9CD39E15-2741-4B54-B78D-F5C4FBF596DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*","matchCriteriaId":"880D38A1-308F-46F4-A3D9-4278506CD84C"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*","matchCriteriaId":"D2A709B4-EBAE-4B45-BA9C-F3FB1A787790"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*","matchCriteriaId":"DA543E42-55B7-454A-8E65-017DD537DDBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*","matchCriteriaId":"C5863684-6E4F-4972-B853-A8CECE8FC101"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*","matchCriteriaId":"6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*","matchCriteriaId":"65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*","matchCriteriaId":"DA503D5C-94A2-43F3-B70A-07539A834850"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EDC7978C-B3BE-479C-8733-DDD5100A9CE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"0FBD4174-51EE-4A3A-AE72-297F33F09905"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"FE7AD0D1-655E-41F7-B40D-B62DAF96D124"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"16A5363B-BB3B-4F51-9DA3-6136E3E79760"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*","matchCriteriaId":"774F215A-067D-4597-9EA0-B5393F089062"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4465","Ordinal":"1","Title":"CVE-2013-4465","CVE":"CVE-2013-4465","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4465","Ordinal":"1","NoteData":"Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.","Type":"Description","Title":"CVE-2013-4465"},{"CveYear":"2013","CveId":"4465","Ordinal":"2","NoteData":"2013-10-25","Type":"Other","Title":"Published"}]}}}