CVE-2013-3631

NAS4Free <= 9.1.0.1.804 - Authenticated Remote Code Execution via Advanced Execute Command Feature

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3631. PoCs published by Metasploit, including Metasploit module exploits/multi/http/nas4free_php_exec.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated remote code execution vulnerability in NAS4Free by posting PHP code to a special HTTP script. It authenticates, retrieves an auth token, and sends a multipart form with the payload to execute arbitrary PHP code.

Description

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/29320

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NAS4Free version 9.1.0.1.804
Auth required
Prerequisites: Valid credentials for NAS4Free · Network access to the target
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC GREAT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/nas4free_php_exec.rb

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NAS4Free version 9.1.0.1.804
Auth required
Prerequisites: Valid credentials for NAS4Free · Access to the web interface
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/326830

Scores

EPSS 0.1263
EPSS Percentile 95.7%

Details

CWE: CWE-94
Status: published
Products (2):
nas4free/nas4free 9.1.0.1.798
nas4free/nas4free < 9.1.0.1.804
Published: Nov 02, 2013
Tracked Since: Feb 18, 2026