CVE-2013-10066 PUBLISHED

Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload

Assigner: VulnCheck
Reserved: 05.08.2025 Published: 05.08.2025 Updated: 07.08.2025

An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 10

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Kordil
Product	EDMS
Versions	Default: unknown Version 2.2.60rc3 is affected

Credits

bcoles finder

References

Problem Types

CWE-434 Unrestricted Upload of File with Dangerous Type CWE

Impacts

CAPEC-242 Code Injection