CVE-2013-10034

CRITICAL

Kaseya KServer <6.3.0.2 - File Upload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10034. PoCs published by Security-Assessment.com, Thomas Hibbert <[email protected]>, including Metasploit module exploits/windows/http/kaseya_uploadimage_file_upload.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Kaseya versions < 6.3.0.2, allowing remote code execution via a malicious ASP file upload to the /SystemTab/uploadImage.asp endpoint. The vulnerability does not require authentication and leverages directory traversal to place the file in a web-accessible directory.

Description

An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.

Exploits (2)

exploitdb WORKING POC

by Security-Assessment.com · textwebappsasp

https://www.exploit-db.com/exploits/29675

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Kaseya versions < 6.3.0.2, allowing remote code execution via a malicious ASP file upload to the /SystemTab/uploadImage.asp endpoint. The vulnerability does not require authentication and leverages directory traversal to place the file in a web-accessible directory.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Kaseya < 6.3.0.2

No auth needed

Prerequisites: Network access to the Kaseya server · Ability to send HTTP POST requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Thomas Hibbert <[email protected]> · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in Kaseya versions below 6.3.0.2, allowing unauthenticated attackers to upload an ASP file and achieve remote code execution with IUSR privileges.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Kaseya KServer < 6.3.0.2

No auth needed

Prerequisites: Network access to the target · Kaseya uploadImage.asp endpoint accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb

Vendor Advisory third-party-advisory technical-description exploit

https://web.archive.org/web/20150210113922/http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/29675

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/kaseya-arbitrary-file-upload-rce

Scores

CVSS v4 9.3

EPSS 0.0229

EPSS Percentile 81.0%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

Kaseya/KServer < 6.3.0.2

Published Jul 31, 2025

Tracked Since Feb 18, 2026