Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-4898

EPSS 8.84% · P93
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-4898

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
SocialEngine TimeLine插件权限许可和访问控制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SocialEngine是美国SocialEngine团队开发的一套基于PHP的社交网络软件。TimeLine是其中的一个时间轴插件,该插件可记录发布文章、照片、视频等内容的时间。 SocialEngine Timeline插件4.2.5p9版本中的‘user profile’页面中存在任意文件上传漏洞。远程攻击者通过上传可执行的扩展文件到public/temporary/timeline/目录利用该漏洞执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-4898

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-4898

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-01-29 · 23 CVEs total

CVE-2014-1683Iconify SkyBlueCanvas‘index.php’格式化字符串漏洞
CVE-2014-0810JustSystems Sanshiro 安全漏洞
CVE-2013-6931Cybozu Garoon API SQL注入漏洞
CVE-2013-6930Cybozu Garoon page-navigation SQL注入漏洞
CVE-2013-6749IBM Lotus Quickr qp2.cab文件缓冲区溢出漏洞
CVE-2013-6748IBM Lotus Quickr qp2.cab文件缓冲区溢出漏洞
CVE-2013-2974IBM Tivoli Application Dependency Discovery Manager 权限许可和访问控制漏洞
CVE-2014-1692OpenSSH‘hash_buffer’函数缓冲区错误漏洞
CVE-2014-0682Cisco WebEx Meetings Server 权限许可和访问控制漏洞
CVE-2014-0681Cisco ISE 跨站脚本漏洞
CVE-2014-0680Cisco ISE NAC Web Agent 跨站脚本漏洞
CVE-2012-6086Zabbix ‘cURL’ API加密问题漏洞
CVE-2013-7318AlgoSec Firewall Analyzer 跨站脚本漏洞
CVE-2013-6141op5 Monitor 安全漏洞
CVE-2013-5092AlgoSec Firewall Analyzer 跨站脚本漏洞
CVE-2013-5005Tripwire Enterprise 跨站脚本漏洞
CVE-2013-4889Spring Signage Xibo 跨站请求伪造漏洞
CVE-2013-4888Spring Signage Xibo ’layout‘参数跨站脚本漏洞
CVE-2013-4887Spring Signage Xibo ‘displayid’参数SQL注入漏洞
CVE-2013-4662CiviCRM SQL注入漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-4898

No comments yet

Leave a comment