CVE-2013-10032
- CVSS v3: 8.8 (HIGH)
- EPSS Score: 60.7% (exploit probability)
- CISA KEV: No (known exploited)
- Exploitation: — (SSVC status)
Description
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the
Technical Details
- CVSS v3 Vector: 3.1
- Published: 7/25/2025
- Last Modified: 9/23/2025
Frequently Asked Questions
Is CVE-2013-10032 actively exploited?
Active exploitation of CVE-2013-10032 has not been confirmed. The EPSS score is 60.7%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2013-10032?
CVE-2013-10032 has a CVSS v3 base score of 8.8 (HIGH severity), with vector string 3.1.