CVE-2013-3520

VMware vCenter Chargeback Manager < 2.5.0 - Code Injection

Title source: rule

Description

VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/27046
metasploit WORKING POC EXCELLENT
by Andrea Micalizzi, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb

Scores

EPSS 0.8191
EPSS Percentile 99.2%

Details

CWE
CWE-94
Status published
Products (7)
vmware/vcenter_chargeback_manager 1.5.0
vmware/vcenter_chargeback_manager 1.6.0
vmware/vcenter_chargeback_manager 1.6.1
vmware/vcenter_chargeback_manager 1.6.2
vmware/vcenter_chargeback_manager 2.0.0
vmware/vcenter_chargeback_manager 2.0.1
vmware/vcenter_chargeback_manager < 2.5.0
Published Jun 17, 2013
Tracked Since Feb 18, 2026