CVE-2013-7057
Axway SecureTransport < 5.1 - Cross-Site Request Forgery via File Upload API
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-7057. PoCs published by Emmanuel Law.
AI-analyzed exploit summary This is a CSRF-based arbitrary file upload exploit for Axway Secure Transport 5.1 SP2. It leverages the lack of anti-CSRF tokens to upload a file via a crafted multipart/form-data request.
Description
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
Exploits (1)
This is a CSRF-based arbitrary file upload exploit for Axway Secure Transport 5.1 SP2. It leverages the lack of anti-CSRF tokens to upload a file via a crafted multipart/form-data request.