CVE-2013-10067P2CRITICALCVSS 9.4PoC≥ 1.8.8, ≤ 1.8.122025-08-05
CVE-2013-10067 [CRITICAL] CWE-434 CVE-2013-10067: Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can uplo
nvd