What is CVE-2013-10055?

CVE-2013-10055 is a vulnerability in Havalite Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-01.

Is CVE-2013-10055 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Havalite Cms

CVE-2013-10055

An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allow…

Vulnerability class: Unrestricted File Upload

EPSS: 0.823 (99.2th percentile) — read the EPSS interpretation.

Affected products

Havalite Cms — versions 1.1.7

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/26243 (exploit)
sourceforge.net/projects/havalite/ (product)
www.vulncheck.com/advisories/havalite-cms-arbitary-file-upload-rce (third-party-advisory)

Frequently asked questions

What is CVE-2013-10055?: CVE-2013-10055 is a vulnerability in Havalite Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-01.
Is CVE-2013-10055 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.