CVE-2013-10067 in Glossword
Summary
by MITRE • 08/05/2025
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
Analysis
by VulDB Data Team • 08/07/2025
The vulnerability identified as CVE-2013-10067 represents a critical authenticated arbitrary file upload flaw in Glossword versions 1.8.8 through 1.8.12. This issue arises from inadequate input validation mechanisms within the administrative interface of the application, specifically affecting the gw_admin.php component that serves as the primary management portal for system administrators. The vulnerability is particularly concerning because it requires only administrative credentials to exploit, making it accessible to attackers who have gained access to legitimate administrative accounts or have managed to compromise such credentials through other means.
The vulnerability stems from the application's failure to validate file types and paths during uploads to the gw_temp/a/ directory. This directory serves as a temporary storage location where uploaded files are processed before being moved to their final destinations. Because the upload handler does not sanitize file extensions, MIME types, or file contents, an attacker can place a PHP payload there and have it executed in the web server's context, giving a direct path to remote code execution; the controls that should prevent execution of uploaded content are simply bypassed.
In operational terms, this vulnerability poses a severe risk to organizations running affected Glossword installations. Successful exploitation allows attackers to execute arbitrary code on the target system with the privileges of the web server process, potentially leading to complete system compromise. Attackers can upload backdoor scripts, web shells, or other malicious payloads for persistent access, data exfiltration, or further exploitation of the network environment. Additionally, because the vulnerability is authenticated, attackers do not require external network access to exploit it: they can leverage existing administrative access to perform the upload operations.
The vulnerability aligns with CWE-434, "Unrestricted Upload of File with Dangerous Type," and is a classic example of the insecure file upload handling documented across numerous web applications. In ATT&CK terms it maps to several techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter), since attackers execute commands through the uploaded PHP payloads. Organizations should implement comprehensive mitigations including strict file type validation, mandatory file extension filtering, and proper access controls for temporary directories. The most effective remediation is upgrading to a patched version of Glossword that implements proper input validation and sanitization, combined with network segmentation and monitoring for suspicious file upload activity in temporary directories.
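As an added illustration of the monitoring mitigation described above (this is example code, not code from Glossword, MITRE or VulDB), the following Python scan inspects a constructed gw_temp/a/ directory and flags the upload patterns CWE-434 covers: PHP-executable extensions, an executable extension hidden before a benign final one, and PHP open tags inside a file that claims to be an image. The allowlist of legitimate extensions and the sample file names are assumptions.

```python
"""Flag suspicious files in a Glossword-style temporary upload directory (gw_temp/a/)."""
import re
import tempfile
from pathlib import Path

# Extensions a typical Apache/PHP-FPM setup hands to the PHP interpreter.
EXECUTABLE_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}
# Assumed allowlist of what an administrator legitimately uploads to gw_temp/a/.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".csv", ".xml"}
# PHP open tags ("<?php" or "<?="); a real image never contains them.
PHP_TAG = re.compile(rb"<\?(php|=)")

def classify(path: Path) -> list[str]:
    """Return the reasons a file is suspicious (empty list if it looks benign)."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]  # shell.php.jpg -> ['.php', '.jpg']
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {last}")
    if any(s in EXECUTABLE_EXTENSIONS for s in suffixes[:-1]):
        reasons.append("executable extension hidden before final extension")
    if last not in ALLOWED_EXTENSIONS and last not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"extension {last or '(none)'} not in allowlist")
    with path.open("rb") as fh:
        head = fh.read(64 * 1024)  # inspect the first 64 KiB of content
    if PHP_TAG.search(head):
        reasons.append("PHP open tag in content")
    return reasons

def scan_upload_dir(directory: Path) -> dict[str, list[str]]:
    """Scan one directory (non-recursive); map file name -> reasons for each suspicious file."""
    findings = {}
    for entry in sorted(directory.iterdir()):
        if entry.is_file():
            reasons = classify(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings

def demo() -> dict[str, list[str]]:
    """Build a constructed gw_temp/a/ with benign and suspicious files, then scan it."""
    root = Path(tempfile.mkdtemp()) / "gw_temp" / "a"
    root.mkdir(parents=True)
    (root / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)           # benign image
    (root / "terms.csv").write_text("term,definition\n")                          # benign export
    (root / "cmd.php").write_bytes(b"<?php /* constructed marker */ ?>")          # executable extension
    (root / "pic.php.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed")           # double extension
    (root / "avatar.gif").write_bytes(b"GIF89a<?php /* constructed marker */ ?>")  # PHP tag in 'image'
    return scan_upload_dir(root)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {'; '.join(reasons)}")
```

Pointing scan_upload_dir at a real gw_temp/a/ on a schedule, or from a file-change hook, turns this into the temporary-directory monitoring the analysis recommends.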