What is CVE-2013-10040?

CVE-2013-10040 is a vulnerability in Clipbucket Llc, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-07-31.

Is CVE-2013-10040 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Clipbucket Llc

CVE-2013-10040

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable…

Vulnerability class: Unrestricted File Upload

EPSS: 0.750 (98.9th percentile) — read the EPSS interpretation.

Affected products

Clipbucket Llc — versions 0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
packetstorm.news/files/id/123480 (exploit)
github.com/arslancb/clipbucket (product)
clipbucket.com/ (product)
www.vulncheck.com/advisories/clipbucket-arbitrary-file-upload-rce (third-party-advisory)

Frequently asked questions

What is CVE-2013-10040?: CVE-2013-10040 is a vulnerability in Clipbucket Llc, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-07-31.
Is CVE-2013-10040 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.