CVE-2013-10040
Published 2025-07-31
Priority: P2 · 76 · critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.48% (82.6th percentile)
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clip-bucket | clipbucket | <= 2.6 | — |
| clipbucket_llc | clipbucket | <= 2.6 | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated HTTP POST requests targeting /admin_area/charts/ofc-library/ofc_upload_image.php, which is the vulnerable file upload endpoint requiring no authentication.
- Alert on PHP file uploads (e.g., .php extension) delivered to the /admin_area/charts/ofc-library/ directory, followed by subsequent GET/POST requests to the same path, indicative of an upload-then-execute RCE pattern.
- Flag any web server process (e.g., Apache/nginx) spawning child processes (shells) originating from the /admin_area/charts/ofc-library/ directory, as this indicates successful RCE via the uploaded PHP webshell.
- Exploitation confirmed on ClipBucket version 2.6 and earlier only; the Metasploit module was specifically tested on version 2.6 running on CentOS 5.9 32-bit, so detection rules should be scoped accordingly.
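A log-correlation check for the upload-then-execute pattern in the indicators above, as an added example that is not part of the tracker page or of ClipBucket itself. It assumes combined-format Apache/nginx access logs; the log lines and client addresses are constructed.

```python
import re

UPLOAD_ENDPOINT = "/admin_area/charts/ofc-library/ofc_upload_image.php"
UPLOAD_DIR = "/admin_area/charts/ofc-library/"

# Combined log format: client ident user [timestamp] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, ts, method, path, status = m.groups()
    return {"client": client, "ts": ts, "method": method,
            "path": path.split("?", 1)[0], "status": int(status)}


def detect_upload_then_execute(lines):
    """Return (client, path) pairs for clients that POSTed to the upload
    endpoint and later requested another .php file in the same directory."""
    posted_upload = set()   # clients seen POSTing to ofc_upload_image.php
    alerts = []
    for line in lines:
        r = parse(line)
        if r is None:
            continue
        if r["method"] == "POST" and r["path"] == UPLOAD_ENDPOINT:
            posted_upload.add(r["client"])
        elif (r["client"] in posted_upload
              and r["path"].startswith(UPLOAD_DIR)
              and r["path"].endswith(".php")
              and r["path"] != UPLOAD_ENDPOINT):
            alerts.append((r["client"], r["path"]))
    return alerts


# Constructed sample log: one upload-then-execute sequence, one benign client.
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Jul/2025:10:00:01 +0000] "POST /admin_area/charts/ofc-library/ofc_upload_image.php HTTP/1.1" 200 57',
    '203.0.113.5 - - [31/Jul/2025:10:00:03 +0000] "GET /admin_area/charts/ofc-library/x.php HTTP/1.1" 200 1024',
    '198.51.100.7 - - [31/Jul/2025:10:05:00 +0000] "GET /admin_area/charts/ofc-library/ofc_upload_image.php HTTP/1.1" 200 12',
    '198.51.100.7 - - [31/Jul/2025:10:05:02 +0000] "GET /admin_area/charts/ofc-library/open-flash-chart.swf HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for client, path in detect_upload_then_execute(SAMPLE_LOG):
        print(f"ALERT upload-then-execute: {client} requested {path}")
```

A single POST to the endpoint is itself worth a lower-severity alert on a patched-version-unknown host; the correlation above is the higher-confidence signal.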
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v4.0: 10.0 CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
No detection rules found.
No writeups or analysis indexed.