What is CVE-2013-10067?

CVE-2013-10067 is a vulnerability in Glossword Team, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-05.

Is CVE-2013-10067 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Glossword Team

CVE-2013-10067

Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to uplo…

Vulnerability class: Unrestricted File Upload

EPSS: 0.530 (98.0th percentile) — read the EPSS interpretation.

Affected products

Glossword Team — versions 1.8.8

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
www.exploit-db.com/exploits/24456 (exploit)
www.exploit-db.com/exploits/24548 (exploit)
github.com/glosswordteam/Glossword (product)
sourceforge.net/projects/glossword/ (product)
www.vulncheck.com/advisories/glossword-arbitrary-file-upload-rce (third-party-advisory)

Frequently asked questions

What is CVE-2013-10067?: CVE-2013-10067 is a vulnerability in Glossword Team, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-05.
Is CVE-2013-10067 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.