Critical severityNVD Advisory· Published Aug 5, 2025· Updated Apr 15, 2026

CVE-2013-10067

Description

Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/glossword_upload_exec.rbnvd
sourceforge.net/projects/glossword/nvd
www.exploit-db.com/exploits/24456nvd
www.exploit-db.com/exploits/24548nvd
www.vulncheck.com/advisories/glossword-arbitrary-file-upload-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.026
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000