An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
History

Thu, 07 Aug 2025 14:15:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc
                            {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 07 Aug 2025 07:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Kordil Edms Project
                                      Kordil Edms Project kordil Edms
Vendors & Products                    Kordil Edms Project
                                      Kordil Edms Project kordil Edms

Tue, 05 Aug 2025 20:15:00 +0000

Type          Values Removed   Values Added
Description                    An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
Title                          Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload
Weaknesses                     CWE-434
References
Metrics                        cvssV4_0
                               {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-08-05T20:02:54.434Z

Updated: 2025-08-07T13:50:54.846Z

Reserved: 2025-08-05T13:49:05.236Z

Link: CVE-2013-10066

Vulnrichment

Updated: 2025-08-07T13:50:51.276Z

NVD

Status: Awaiting Analysis

Published: 2025-08-05T20:15:35.237

Modified: 2025-08-07T14:15:40.560

Link: CVE-2013-10066

Redhat

No data.