CVE-2013-10047

CRITICAL

MiniWeb HTTP Server <= Build 300 - File Upload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10047. PoCs published by Metasploit, AkaStep, bcoles, including Metasploit module exploits/windows/http/miniweb_upload_wbem.

AI-analyzed exploit summary: This Metasploit module exploits a file upload vulnerability in MiniWeb HTTP server (build 300) to achieve remote code execution by uploading a malicious executable and a MOF file to trigger WMI execution. It targets Windows systems before Vista.

Description

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server's filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. Placing the .mof file triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/27607

This Metasploit module exploits a file upload vulnerability in MiniWeb HTTP server (build 300) to achieve remote code execution by uploading a malicious executable and a MOF file to trigger WMI execution. It targets Windows systems before Vista.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MiniWeb HTTP server (build 300)
No auth needed
Prerequisites: Network access to the MiniWeb server · MiniWeb server running on Windows pre-Vista
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by AkaStep, bcoles · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/miniweb_upload_wbem.rb

This Metasploit module exploits an arbitrary file upload vulnerability in MiniWeb HTTP server (build 300) to achieve remote code execution by uploading a malicious executable and a MOF file to trigger WMI execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MiniWeb HTTP server (build 300)
No auth needed
Prerequisites: Network access to the MiniWeb server · Windows target (pre-Vista)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 9.3
EPSS 0.0099
EPSS Percentile 57.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE: CWE-434
Status: published
Products (1): MiniWeb/MiniWeb < Build 300
Published Aug 01, 2025
Tracked Since Feb 18, 2026