CVE-2013-1668
published 2014-05-23

Priority: P2 (60) · high
CVSS 2.0: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Exploit: available
EPSS: 6.98% (93.3rd percentile)
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.

Affected (3 ranges)

Vendor   Product   Version range   Fixed in
coscms   coscms    <= 1.721
coscms   coscms
coscms   coscms

Detection & IOCs (extracted from sources)

url: /gallery/upload/index
path: upload/index.php
filename: 1 & ls -la > file.txt
path: /gallery/upload/file.txt
  • Monitor HTTP POST requests to /gallery/upload/index containing multipart/form-data where the 'file' field's filename parameter includes shell metacharacters (e.g., &, |, ;, >, <).
  • Inspect the $_FILES['file']['name'] value passed to PHP exec() in upload/index.php for shell metacharacters indicative of command injection.
  • Look for the multipart boundary pattern '-----------------------------21456260222104' in HTTP POST bodies as a PoC-specific artifact, though attackers may vary this value.
  • Successful exploitation requires the attacker to be authenticated with file upload privileges; user registration is disabled by default, limiting the attack surface to compromised or malicious admin accounts.
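As an added detection example (not part of this record and not CosCMS code), the following Python parses a multipart/form-data request body and flags any filename in the upload field that contains shell metacharacters, which is the check the first bullet describes. The boundary string, field name and sample body below are constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

# Shell metacharacters named in the detection bullets, plus backtick and "$".
SHELL_METACHARS = set("&|;<>`$")

# Matches a part header such as:
#   Content-Disposition: form-data; name="file"; filename="1 & ls -la > file.txt"
DISPOSITION_RE = re.compile(
    r'Content-Disposition:\s*form-data;[^\r\n]*?\bname="(?P<name>[^"]*)"'
    r'(?:;\s*filename="(?P<filename>[^"]*)")?',
    re.IGNORECASE,
)


def boundary_from_content_type(content_type: str) -> Optional[str]:
    """Return the multipart boundary from a Content-Type header value, if present."""
    m = re.search(r'boundary=(?:"([^"]+)"|([^;\s]+))', content_type, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None


def multipart_filenames(body: bytes, boundary: str) -> List[Tuple[str, str]]:
    """Return (field name, filename) for every file part in a multipart body."""
    delim = b"--" + boundary.encode()
    found = []
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):  # "--boundary--" closes the body
            break
        head = part.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
        m = DISPOSITION_RE.search(head)
        if m and m.group("filename") is not None:
            found.append((m.group("name"), m.group("filename")))
    return found


def suspicious_filenames(content_type: str, body: bytes, field: str = "file") -> List[str]:
    """Filenames in `field` whose characters intersect SHELL_METACHARS."""
    boundary = boundary_from_content_type(content_type)
    if boundary is None:
        return []
    return [fn for name, fn in multipart_filenames(body, boundary)
            if name == field and SHELL_METACHARS & set(fn)]


# Constructed sample request (boundary and body are illustrative, not the PoC's).
SAMPLE_CT = "multipart/form-data; boundary=----example"
SAMPLE_BODY = (b"------example\r\n"
               b'Content-Disposition: form-data; name="file"; filename="1 & ls -la > file.txt"\r\n'
               b"Content-Type: text/plain\r\n\r\nhello\r\n------example--\r\n")
BENIGN_BODY = SAMPLE_BODY.replace(b"1 & ls -la > file.txt", b"report.txt")
```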