CVE-2013-10067

CRITICAL LAB

Glossword 1.8.8-1.8.12 - Authenticated Arbitrary File Upload and Remote Code Execution via Administrative Interface

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10067. PoCs were published by Metasploit, AkaStep, and bcoles, including the Metasploit module exploits/multi/http/glossword_upload_exec.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in Glossword versions 1.8.8 to 1.8.12, allowing authenticated administrators to upload and execute malicious PHP files.

Description

Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/24548

This Metasploit module exploits an arbitrary file upload vulnerability in Glossword versions 1.8.8 to 1.8.12, allowing authenticated administrators to upload and execute malicious PHP files.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Glossword 1.8.8 - 1.8.12
Auth required
Prerequisites: Valid administrator credentials · Access to the Glossword admin interface
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by AkaStep · text · webapps · php
https://www.exploit-db.com/exploits/24456

This exploit demonstrates multiple vulnerabilities in Glossword 1.8.12, including XSS, database backup disclosure, and potential shell upload. It provides proof-of-concept examples for exploiting these vulnerabilities, such as a reflected XSS payload and a method to access sensitive database backups via HTTP.

Classification: Working PoC 90%
Attack Type: XSS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Glossword 1.8.12
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by AkaStep, bcoles · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/glossword_upload_exec.rb

This Metasploit module exploits an arbitrary file upload vulnerability in Glossword versions 1.8.8 to 1.8.12, allowing authenticated administrators to upload and execute PHP payloads.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Glossword 1.8.8 - 1.8.12
Auth required
Prerequisites: Authenticated admin access · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 9.4
EPSS 0.0099
EPSS Percentile 57.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull mysql:5.7
docker pull phpmyadmin:latest

Details

CWE
CWE-434
Status published
Products (1)
Glossword Team/Glossword 1.8.8 - 1.8.12
Published Aug 05, 2025
Tracked Since Feb 18, 2026