Critical severityNVD Advisory· Published Aug 5, 2025· Updated Apr 15, 2026
CVE-2013-10067
CVE-2013-10067
Description
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: >=1.8.8 <=1.8.12
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.