← back
CVE-2013-3631

CVE-2013-3631

43Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 14%
from disclosure to weapon0 days
Published on NVDNov 2
1st PoCOct 31
metasploitOct 30
exploitation probability
14%top 4% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.