CVE-2013-6127
published 2013-10-25

Priority P346 · medium · 5.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 13.91% (96.1th percentile)
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
wellintech | kingview | <= 6.53 |
wellintech | kingview | |
wellintech | kingview | |