What is CVE-2013-10054?

CVE-2013-10054 is a vulnerability in Librettocms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-04.

Is CVE-2013-10054 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Librettocms

CVE-2013-10054

An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm…

Vulnerability class: Unrestricted File Upload

EPSS: 0.824 (99.2th percentile) — read the EPSS interpretation.

Affected products

Librettocms — versions 1.1.7

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/26213 (exploit)
www.exploit-db.com/exploits/26421 (exploit)
sourceforge.net/projects/librettocms/ (product)
www.vulncheck.com/advisories/librettocms-file-manager-arbitrary-file-upload (third-party-advisory)

Frequently asked questions

What is CVE-2013-10054?: CVE-2013-10054 is a vulnerability in Librettocms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-04.
Is CVE-2013-10054 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.