Search criteria
2 vulnerabilities found for EDMS by Kordil
CVE-2013-10066 (GCVE-0-2013-10066)
Vulnerability from cvelistv5 – Published: 2025-08-05 20:02 – Updated: 2025-11-21 00:22 Unsupported When Assigned
VLAI?
Title
Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload
Summary
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
bcoles
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2013-10066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T13:50:38.439705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T13:50:54.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/24547"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"users_add.php"
],
"product": "EDMS",
"vendor": "Kordil",
"versions": [
{
"status": "affected",
"version": "2.2.60rc3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kordil_edms_project:kordil_edms:2.2.60rc3:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "bcoles"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated arbitrary file upload vulnerability exists in\u0026nbsp;\u003c/span\u003eKordil EDMS v2.2.60rc3. The application exposes an upload endpoint\u0026nbsp;(\u003ccode\u003eusers_add.php\u003c/code\u003e) that allows attackers to upload files to the \u003ccode\u003e/userpictures/\u003c/code\u003e directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.\u003c/p\u003e"
}
],
"value": "An unauthenticated arbitrary file upload vulnerability exists in\u00a0Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint\u00a0(users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T00:22:10.438Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/kordil_edms_upload_exec.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/24547"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.APP:MSF-KORDIL-EDMS-AFU.html"
},
{
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/kordiledms/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kordil-edms-unauth-arbitrary-file-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2013-10066",
"datePublished": "2025-08-05T20:02:54.434Z",
"dateReserved": "2025-08-05T13:49:05.236Z",
"dateUpdated": "2025-11-21T00:22:10.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-10066 (GCVE-0-2013-10066)
Vulnerability from nvd – Published: 2025-08-05 20:02 – Updated: 2025-11-21 00:22 Unsupported When Assigned
VLAI?
Title
Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload
Summary
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
bcoles
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2013-10066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T13:50:38.439705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T13:50:54.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/24547"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"users_add.php"
],
"product": "EDMS",
"vendor": "Kordil",
"versions": [
{
"status": "affected",
"version": "2.2.60rc3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kordil_edms_project:kordil_edms:2.2.60rc3:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "bcoles"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated arbitrary file upload vulnerability exists in\u0026nbsp;\u003c/span\u003eKordil EDMS v2.2.60rc3. The application exposes an upload endpoint\u0026nbsp;(\u003ccode\u003eusers_add.php\u003c/code\u003e) that allows attackers to upload files to the \u003ccode\u003e/userpictures/\u003c/code\u003e directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.\u003c/p\u003e"
}
],
"value": "An unauthenticated arbitrary file upload vulnerability exists in\u00a0Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint\u00a0(users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T00:22:10.438Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/kordil_edms_upload_exec.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/24547"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.APP:MSF-KORDIL-EDMS-AFU.html"
},
{
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/kordiledms/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kordil-edms-unauth-arbitrary-file-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2013-10066",
"datePublished": "2025-08-05T20:02:54.434Z",
"dateReserved": "2025-08-05T13:49:05.236Z",
"dateUpdated": "2025-11-21T00:22:10.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}