cbcvebase.
CVE-2013-10040
published 2025-07-31


Priority: P276 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 2.48% (82.6th percentile)
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.

Affected (2 ranges)

Vendor           Product      Version range   Fixed in
clip-bucket      clipbucket   <= 2.6          -
clipbucket_llc   clipbucket   <= 2.6          -

Detection & IOCs (extracted from sources)

Paths:
  • /admin_area/charts/ofc-library/ofc_upload_image.php
  • /admin_area/charts/ofc-library/
  • Monitor for unauthenticated HTTP POST requests targeting /admin_area/charts/ofc-library/ofc_upload_image.php, which is the vulnerable file upload endpoint requiring no authentication.
  • Alert on PHP file uploads (e.g., .php extension) delivered to the /admin_area/charts/ofc-library/ directory, followed by subsequent GET/POST requests to the same path — indicative of upload-then-execute RCE pattern.
  • Flag any web server process (e.g., Apache/nginx) spawning child processes (shells) originating from the /admin_area/charts/ofc-library/ directory, as this indicates successful RCE via the uploaded PHP webshell.
  • Exploitation confirmed on ClipBucket version 2.6 and earlier only; the Metasploit module was specifically tested on version 2.6 running on CentOS 5.9 32-bit. Detection rules should be scoped accordingly.
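As an added example (not part of this cbcvebase record), the first two detection bullets above turned into a small correlation rule run over Apache/nginx combined-format access logs: a POST to the upload endpoint is flagged on its own, and a later request from the same client for a .php file under the ofc-library directory is flagged as the upload-then-execute pattern. The sample log lines, client addresses, uploaded filename and the 10-minute window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
# Paths named in the CVE-2013-10040 record.
UPLOAD_ENDPOINT = "/admin_area/charts/ofc-library/ofc_upload_image.php"
UPLOAD_DIR = "/admin_area/charts/ofc-library/"
WINDOW = timedelta(minutes=10)  # correlation window (assumed tuning value)
# Combined log format: ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    # Returns a dict for a well-formed line, None for anything else.
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec

def detect(lines):
    # Returns (client_ip, finding, path) tuples for the two patterns in the record.
    findings = []
    last_upload = {}  # client ip -> time of its most recent POST to the upload endpoint
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if rec["method"] == "POST" and path == UPLOAD_ENDPOINT:
            # Bullet 1: any POST to the unauthenticated upload endpoint is alert-worthy.
            findings.append((ip, "upload-attempt", path))
            last_upload[ip] = rec["ts"]
            continue
        # Bullet 2: same client later requests a .php file in the upload directory.
        if (path.startswith(UPLOAD_DIR) and path.lower().endswith(".php")
                and path != UPLOAD_ENDPOINT and ip in last_upload
                and rec["ts"] - last_upload[ip] <= WINDOW):
            findings.append((ip, "upload-then-execute", path))
    return findings

# Constructed sample log; addresses and the uploaded filename are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Jul/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [31/Jul/2025:10:00:05 +0000] "POST /admin_area/charts/ofc-library/ofc_upload_image.php HTTP/1.1" 200 54
203.0.113.7 - - [31/Jul/2025:10:00:09 +0000] "GET /admin_area/charts/ofc-library/uploaded.php HTTP/1.1" 200 312
198.51.100.4 - - [31/Jul/2025:10:02:00 +0000] "GET /admin_area/charts/ofc-library/ofc_upload_image.php HTTP/1.1" 200 54
"""
```

Calling `detect(SAMPLE_LOG.splitlines())` yields two findings for 203.0.113.7 and nothing for the lone GET from 198.51.100.4, which had no preceding upload POST.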

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v4.0: 10.0 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X