CVE-2013-3590 | Vulnerability Database | Aqua Security

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

Affected Software

Name	Vendor	Start Version	End Version
Searchblox	Searchblox	*	7.5 (including)
Searchblox	Searchblox	6.2-build_1 (including)	6.2-build_1 (including)
Searchblox	Searchblox	6.3-build_1 (including)	6.3-build_1 (including)
Searchblox	Searchblox	6.4-build_1 (including)	6.4-build_1 (including)
Searchblox	Searchblox	6.4-build_2 (including)	6.4-build_2 (including)
Searchblox	Searchblox	7.0 (including)	7.0 (including)
Searchblox	Searchblox	7.1 (including)	7.1 (including)
Searchblox	Searchblox	7.2 (including)	7.2 (including)
Searchblox	Searchblox	7.3 (including)	7.3 (including)
Searchblox	Searchblox	7.4 (including)	7.4 (including)

References

http://buddhalabs.com/Advisories/WebAdvisories.html
http://www.kb.cert.org/vuls/id/592942
http://www.searchblox.com/developers-2/change-log

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-3590
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html