Unrated severityNVD Advisory· Published Nov 2, 2013· Updated Apr 29, 2026

CVE-2013-3631

Description

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treatsnvdExploit
www.kb.cert.org/vuls/id/326830nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.039
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000