Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-af16-fznf-9kbc
Summary An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
Aliases
0
alias CVE-2013-10055
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-10055
reference_id
reference_type
scores
0
value 0.83702
scoring_system epss
scoring_elements 0.99309
published_at 2026-06-11T12:55:00Z
1
value 0.83702
scoring_system epss
scoring_elements 0.99313
published_at 2026-06-13T12:55:00Z
2
value 0.83702
scoring_system epss
scoring_elements 0.99312
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-10055
1
reference_url https://www.exploit-db.com/exploits/26243
reference_id 26243
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-04T14:20:04Z/
url https://www.exploit-db.com/exploits/26243
2
reference_url https://sourceforge.net/projects/havalite/
reference_id havalite
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-04T14:20:04Z/
url https://sourceforge.net/projects/havalite/
3
reference_url https://www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce
reference_id havalite-cms-arbitary-file-upload-rce
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-04T14:20:04Z/
url https://www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce
4
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/havalite_upload_exec.rb
reference_id havalite_upload_exec.rb
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-04T14:20:04Z/
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/havalite_upload_exec.rb
Weaknesses
0
cwe_id 434
name Unrestricted Upload of File with Dangerous Type
description The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Exploits
0
date_added null
description
This module exploits a file upload vulnerability found in Havalite CMS 1.1.7, and possibly prior. Attackers can abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2013-06-17
exploit_type null
platform Linux,PHP
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/havalite_upload_exec.rb
Severity_range_score 9.3 - 9.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-af16-fznf-9kbc