THREATINT
PUBLISHED

CVE-2013-10040

ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE



Description

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once the file is uploaded, the attacker can access it via a predictable path and trigger remote code execution.

Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheck


CRITICAL: 10.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status: unaffected

*: affected

Credits

Gabby (finder)

References

raw.githubusercontent.com/...ebapp/clipbucket_upload_exec.rb (exploit)

packetstorm.news/files/id/123480 (exploit)

github.com/arslancb/clipbucket (product)

clipbucket.com/ (product)

www.vulncheck.com/...es/clipbucket-arbitrary-file-upload-rce (third-party-advisory)

cve.org (CVE-2013-10040)

nvd.nist.gov (CVE-2013-10040)
