CVE-2013-10038

CRITICAL

FlashChat 6.0.2, 6.0.4-6.0.8 - Unauthenticated Arbitrary File Upload via upload.php


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10038. PoCs published by x-hayben21 and bcoles, including the Metasploit module exploits/unix/webapp/flashchat_upload_exec.

AI-analyzed exploit summary

This exploit demonstrates a file upload vulnerability in FlashChat v6.0.8 and earlier versions. The provided HTML form allows an attacker to upload arbitrary files to the server via the vulnerable upload.php script.

Description

An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint neither validates the uploaded file type nor requires authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by x-hayben21 · text · webapps · php
https://www.exploit-db.com/exploits/28709

This exploit demonstrates a file upload vulnerability in FlashChat v6.0.8 and earlier versions. The provided HTML form allows an attacker to upload arbitrary files to the server via the vulnerable upload.php script.

Classification
Working PoC 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: FlashChat v6.0.8 and earlier
No auth needed
Prerequisites: Access to the vulnerable upload.php endpoint
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC · EXCELLENT
by x-hayben21, bcoles · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/flashchat_upload_exec.rb

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in FlashChat versions 6.0.2 and 6.0.4 to 6.0.8, allowing remote code execution as the web server user by uploading a malicious PHP file.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: FlashChat versions 6.0.2, 6.0.4 to 6.0.8
No auth needed
Prerequisites: Target running vulnerable FlashChat version · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 9.3
EPSS 0.0160
EPSS Percentile 72.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (2)
TUFaT/FlashChat 6.0.2
TUFaT/FlashChat 6.0.4 - 6.0.8
Published Jul 31, 2025
Tracked Since Feb 18, 2026