CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.568

EPSS Ranking 98.0%

CVSS Severity

CVSS v2 Score 6.0

References

http://www.kb.cert.org/vuls/id/326830
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
http://www.kb.cert.org/vuls/id/326830
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats

Products affected by CVE-2013-3631

Nas4free » Nas4free » Version: 9.1.0.1.798

cpe:2.3:a:nas4free:nas4free:9.1.0.1.798
Nas4free » Nas4free » Version: 9.1.0.1.804

cpe:2.3:a:nas4free:nas4free:9.1.0.1.804

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3631

Products

Pricing

Contact Us