{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T08:27:49.220","vulnerabilities":[{"cve":{"id":"CVE-2013-10055","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-08-01T21:15:27.473","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution."},{"lang":"es","value":"Existe una vulnerabilidad de carga arbitraria de archivos no autenticados en Havalite CMS versión 1.1.7 (y posiblemente anteriores) en el script upload.php. La aplicación no aplica las comprobaciones de validación y autenticación de la extensión de archivo, lo que permite a atacantes remotos cargar archivos PHP maliciosos mediante una solicitud POST multipart/form-data manipulada. Una vez cargado, el atacante puede acceder al archivo directamente en havalite/tmp/files/, lo que provoca la ejecución remota de código."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/havalite_upload_exec.rb","source":"disclosure@vulncheck.com"},{"url":"https://sourceforge.net/projects/havalite/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/26243","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/26243","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}