CVE-2013-3520

VMware vCenter Chargeback Manager < 2.5.1 - Remote Code Execution via Unsafe Upload Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3520. PoCs published by Metasploit, Andrea Micalizzi, juan vazquez, including Metasploit module exploits/windows/http/vmware_vcenter_chargeback_upload.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in VMware vCenter Chargeback Manager's ImageUploadServlet, allowing unauthenticated attackers to upload and execute JSP files, leading to remote code execution.

Description

VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb · Working PoC · Verified
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/27046

This Metasploit module exploits an arbitrary file upload vulnerability in VMware vCenter Chargeback Manager's ImageUploadServlet, allowing unauthenticated attackers to upload and execute JSP files, leading to remote code execution.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: VMware vCenter Chargeback Manager 2.0.1
No auth needed
Prerequisites: Network access to the target server · VMware vCenter Chargeback Manager 2.0.1 running on Windows
devstral-2 · analyzed Feb 16, 2026
metasploit · Working PoC · Excellent
by Andrea Micalizzi, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in VMware vCenter Chargeback Manager's ImageUploadServlet: the uploaded file lands in the web-reachable /cbmui/images/ directory, where a JSP is executed simply by requesting it. The module uploads a JSP dropper that writes and executes a payload, achieving remote code execution.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: VMware vCenter Chargeback Manager 2.0.1
No auth needed
Prerequisites: Network access to the target's ImageUploadServlet endpoint · Target running VMware vCenter Chargeback Manager 2.0.1
devstral-2 · analyzed Feb 16, 2026
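A detection check for the two-step pattern both exploit entries describe (an unauthenticated POST to ImageUploadServlet followed by a request for a .jsp under /cbmui/images/). This is an added example, not code from the page, from the Metasploit module, or from VMware. It assumes Tomcat/Apache "common" access-log format and that the servlet is mounted under /cbmui/; the log lines are constructed for the example, and the servlet path, file names and window size are illustrative assumptions.

```python
"""Flag the CVE-2013-3520 upload-then-execute sequence in web access logs.

Assumptions (not from the page): Apache/Tomcat "common" log format, the
servlet reachable at a path ending in /ImageUploadServlet, and a 5-minute
correlation window. Sample log lines below are constructed.
"""
import re
from datetime import datetime, timedelta

# common log format: ip ident user [ts] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

UPLOAD_SERVLET = "/ImageUploadServlet"   # servlet named on the page; mount point assumed
IMAGES_DIR = "/cbmui/images/"            # web-reachable upload directory named on the page
WINDOW = timedelta(minutes=5)            # assumed correlation window


def parse_line(line):
    """Parse one access-log line; return a dict or None for non-matching lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    ev["status"] = int(ev["status"])
    ev["path"] = ev["path"].split("?", 1)[0]  # drop query string before matching
    return ev


def detect(lines, window=WINDOW):
    """Return (verdict, ip, path) tuples.

    'upload_then_exec': a .jsp under IMAGES_DIR was requested by an IP that
        POSTed to ImageUploadServlet within `window` beforehand (high confidence).
    'jsp_in_images': a .jsp under IMAGES_DIR was requested with no correlated
        upload; an image directory should never serve JSP, so still worth a look.
    """
    uploads = {}   # ip -> list of POST timestamps to the servlet
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["method"] == "POST" and ev["path"].endswith(UPLOAD_SERVLET):
            uploads.setdefault(ev["ip"], []).append(ev["ts"])
            continue
        if ev["path"].startswith(IMAGES_DIR) and ev["path"].lower().endswith(".jsp"):
            correlated = any(
                timedelta(0) <= ev["ts"] - t <= window for t in uploads.get(ev["ip"], [])
            )
            verdict = "upload_then_exec" if correlated else "jsp_in_images"
            alerts.append((verdict, ev["ip"], ev["path"]))
    return alerts


# Constructed sample log: one full upload-then-execute chain (10.0.0.9), one
# uncorrelated JSP probe outside the window (10.0.0.7), and benign traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Feb/2026:10:00:01 +0000] "GET /cbmui/login.jsp HTTP/1.1" 200 1532',
    '10.0.0.9 - - [16/Feb/2026:10:01:10 +0000] "POST /cbmui/ImageUploadServlet HTTP/1.1" 200 87',
    '10.0.0.9 - - [16/Feb/2026:10:01:12 +0000] "GET /cbmui/images/xyz.jsp HTTP/1.1" 200 0',
    '10.0.0.5 - - [16/Feb/2026:10:02:00 +0000] "GET /cbmui/images/logo.png HTTP/1.1" 200 4096',
    '10.0.0.7 - - [16/Feb/2026:10:30:00 +0000] "POST /cbmui/ImageUploadServlet HTTP/1.1" 200 87',
    '10.0.0.7 - - [16/Feb/2026:10:40:00 +0000] "GET /cbmui/images/late.jsp HTTP/1.1" 404 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for verdict, ip, path in detect(SAMPLE_LOG):
        print(f"{verdict:17s} {ip:10s} {path}")
```

The login.jsp request is ignored because it is outside /cbmui/images/; the point of the rule is that a directory meant for uploaded images should never serve a JSP at all, which is exactly what the unsafe upload handling in CBM before 2.5.1 permits. Run it against real access logs by replacing SAMPLE_LOG with the file's lines; on a patched host (2.5.1 or later) a correlated hit still deserves investigation, since it may indicate a web shell left behind from an earlier compromise.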

References (1)


Scores

EPSS 0.5564
EPSS Percentile 98.9%

Details

CWE
CWE-94
Status published
Products (7)
vmware/vcenter_chargeback_manager 1.5.0
vmware/vcenter_chargeback_manager 1.6.0
vmware/vcenter_chargeback_manager 1.6.1
vmware/vcenter_chargeback_manager 1.6.2
vmware/vcenter_chargeback_manager 2.0.0
vmware/vcenter_chargeback_manager 2.0.1
vmware/vcenter_chargeback_manager < 2.5.0
Published Jun 17, 2013
Tracked Since Feb 18, 2026