cbcvebase.
CVE-2013-10054
published 2025-08-04


Priority: P2 (73) · Severity: critical · CVSS 4.0 base score: 9.3
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (X = not defined)
Exploit: public exploit available
EPSS: 1.60% (72.7th percentile)
LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.

Affected (1 range)

Vendor: librettocms · Product: librettocms · Version range: not listed · Fixed in: not listed

Detection & IOCs (extracted from sources)

Path: adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php
URL: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/libretto_upload_exec.rb
  • Monitor POST requests to the upload handler path adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php, especially from unauthenticated sessions.
  • Detect file rename operations within the pgrfilemanager plugin that result in a .php extension, which is the second stage of the exploit after initial upload with a misleading extension.
  • Alert on new .php files appearing under the CKEditor pgrfilemanager plugin directory tree, as this is the expected drop location for webshells.
  • The vulnerability affects LibrettoCMS 1.1.7 and possibly earlier versions; the exact lower bound of affected versions is unconfirmed.
  • No authentication is required to trigger the vulnerability, meaning network-level authentication controls are insufficient as a sole mitigation.
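The first and third detection items above can be turned into two small checks: one over web-server access logs for POST requests to the upload handler, one over the document root for .php files in the plugin tree that are not part of a known-good baseline. The script below is an added example written for this page; it is not code from the advisory, the Metasploit module or the LibrettoCMS project. It assumes an Apache "combined" log format with a trailing quoted Cookie field, a PHPSESSID session cookie, and an uploads subdirectory named files/; the log lines and directory tree are constructed fixtures. Only upload.php is named as a legitimate plugin file, so the baseline set must be completed from a clean install of the deployed version.

```python
"""Detection helpers for CVE-2013-10054 (LibrettoCMS pgrfilemanager upload).

Added example, not part of the advisory or the LibrettoCMS project.
Assumptions: Apache "combined" log format plus a quoted %{Cookie}i field,
PHP's default PHPSESSID session cookie, and an uploads directory files/.
"""
import os
import re
import tempfile

UPLOAD_HANDLER = "adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php"
PLUGIN_DIR = "adm/ui/js/ckeditor/plugins/pgrfilemanager"
# .php files that legitimately ship with the plugin. Only upload.php is named
# in the advisory; extend this from a clean install of your version.
KNOWN_PLUGIN_PHP = frozenset({UPLOAD_HANDLER})
SESSION_COOKIE = "PHPSESSID"  # assumed PHP default; confirm for your deployment

# Apache "combined" format with a trailing quoted Cookie header (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<cookie>[^"]*)"'
)

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Aug/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
    '203.0.113.7 - - [04/Aug/2025:10:00:05 +0000] "POST /adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php HTTP/1.1" 200 88 "-" "python-requests/2.31" "-"',
    '198.51.100.4 - - [04/Aug/2025:10:02:11 +0000] "POST /adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php HTTP/1.1" 200 88 "http://cms.example/adm/" "Mozilla/5.0" "PHPSESSID=abc123"',
    '192.0.2.9 - - [04/Aug/2025:10:03:00 +0000] "GET /adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php HTTP/1.1" 405 0 "-" "curl/8.0" "-"',
]


def find_upload_posts(log_lines):
    """Return POST requests to the upload handler, flagging unauthenticated ones."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: not this format, skip
        path = m["path"].split("?", 1)[0].lstrip("/")
        if m["method"] == "POST" and path == UPLOAD_HANDLER:
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "status": int(m["status"]),
                # No session cookie at all is treated as an unauthenticated request.
                "authenticated": f"{SESSION_COOKIE}=" in m["cookie"],
            })
    return hits


def find_unexpected_php(docroot, known=KNOWN_PLUGIN_PHP):
    """List .php files under the plugin tree that are not in the known baseline."""
    root = os.path.join(docroot, PLUGIN_DIR)
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                rel = rel.replace(os.sep, "/")
                if rel not in known:
                    found.append(rel)
    return sorted(found)


def build_fixture():
    """Create a constructed document root in a temp dir for demonstration."""
    docroot = tempfile.mkdtemp(prefix="libretto_")
    fixture = {
        f"{PLUGIN_DIR}/php/upload.php": "<?php /* legitimate plugin handler */",
        f"{PLUGIN_DIR}/files/shell.php": "<?php /* planted test file */",
        f"{PLUGIN_DIR}/files/photo.jpg": "not php",
        "adm/index.php": "<?php /* outside the plugin tree, ignored */",
    }
    for rel, body in fixture.items():
        full = os.path.join(docroot, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return docroot


if __name__ == "__main__":
    for hit in find_upload_posts(SAMPLE_LOG):
        print("upload POST:", hit)
    print("unexpected .php:", find_unexpected_php(build_fixture()))
```

Run against real logs by replacing SAMPLE_LOG with the file's lines, and against the live document root instead of build_fixture(). A single POST to the handler is not proof of exploitation (the handler is also used legitimately), so the useful signal is the combination: an unauthenticated POST followed shortly by a new .php file under the plugin tree.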