CVE-2013-4095

Imperva SecureSphere 9.0.0.5 - Authenticated Remote Code Execution via Task Command Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4095. PoCs published by Pedro Andujar.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in Imperva SecureSphere Operations Manager, including command execution, file upload, and information disclosure issues. It provides technical descriptions and proof-of-concept examples for exploitation.

Description

plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.

Exploits (1)

exploitdb WRITEUP
by Pedro Andujar · text · webapps · jsp
https://www.exploit-db.com/exploits/25977

Classification: Writeup 90%
Attack Type: RCE | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Imperva SecureSphere Operations Manager version 9.0.0.5 Enterprise Edition
Auth required
Prerequisites: Authenticated access to the SecureSphere Operations Manager · Network access to the target system
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0588
EPSS Percentile 92.3%

Details

CWE: CWE-20
Status: published
Products (1): imperva/securesphere 9.0.0.5
Published: Jun 28, 2013
Tracked Since: Feb 18, 2026