CVE-2013-10054

CRITICAL

LibrettoCMS 1.1.7 - Unauthenticated RCE


Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10054. PoCs have been published by Metasploit, CWH Underground, CWH and sinn3r, including the Metasploit module exploits/unix/webapp/libretto_upload_exec.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in LibrettoCMS 1.1.7 by bypassing file extension checks to upload a malicious PHP file, enabling remote code execution.

Description

LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/26421

This Metasploit module exploits an arbitrary file upload vulnerability in LibrettoCMS 1.1.7 by bypassing file extension checks to upload a malicious PHP file, enabling remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LibrettoCMS 1.1.7
No auth needed
Prerequisites: Network access to the target · LibrettoCMS file manager accessible
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by CWH Underground · text · webapps · php
https://www.exploit-db.com/exploits/26213

This exploit leverages a file upload vulnerability in LibrettoCMS 2.2.2, allowing unauthenticated users to upload a malicious PHP file disguised as a .doc file and rename it to execute arbitrary PHP code on the server.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: LibrettoCMS 2.2.2
No auth needed
Prerequisites: Access to the target's PGRFileManager.php · Ability to upload files
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by CWH, sinn3r · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/libretto_upload_exec.rb

This Metasploit module exploits an arbitrary file upload vulnerability in LibrettoCMS 1.1.7 (and prior) by bypassing file extension checks to upload a malicious PHP file without authentication, leading to remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LibrettoCMS 1.1.7 (and prior)
No auth needed
Prerequisites: Network access to the target · LibrettoCMS installation with vulnerable file upload functionality
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 9.3
EPSS 0.0160
EPSS Percentile 72.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
LibrettoCMS/LibrettoCMS 1.1.7
Published Aug 04, 2025
Tracked Since Feb 18, 2026