CVE-2013-10055
Havalite CMS Arbitary File Upload RCE
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
| CWE | CWE-434 |
| Vendor | havalite cms |
| Product | havalite cms |
| Published | Aug 1, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for havalite cms havalite cms
Be the first to know when new unknown vulnerabilities affecting havalite cms havalite cms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Havalite CMS / Havalite CMS
1.1.7
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/havalite_upload_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/26243 sourceforge.net: https://sourceforge.net/projects/havalite/ vulncheck.com: https://www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce
Credits
CWH sinn3r