Arbitrary file upload in Tufat Flashchat

CVE-2013-10038

An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP…

Vulnerability class: Unrestricted File Upload

EPSS: 0.761 (98.9th percentile)

Frequently asked questions

What is CVE-2013-10038?
CVE-2013-10038 is a vulnerability in Tufat Flashchat, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-07-31.

Is CVE-2013-10038 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.