CVE-2013-10047
MiniWeb <= Build 300 Arbitrary File Upload
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the serverβs filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
| CWE | CWE-434 |
| Vendor | miniweb |
| Product | miniweb |
| Published | Aug 1, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for miniweb miniweb
Be the first to know when new unknown vulnerabilities affecting miniweb miniweb are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
MiniWeb / MiniWeb
* β€ Build 300
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/miniweb_upload_wbem.rb exploit-db.com: https://www.exploit-db.com/exploits/27607 sourceforge.net: https://sourceforge.net/projects/miniweb/ vulncheck.com: https://www.vulncheck.com/advisories/miniweb-arbitrary-file-upload
Credits
AkaStep