CVE-2013-10032

Name: CVE-2013-10032
Creator: NVD / NIST
Published: 2025-07-25T16:15:24.55+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.7/10EPSS 2.48%

Last modified Jun 16, 2026

CVE-2013-10032 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. EPSS estimates a 2.48% chance of exploitation in the next 30 days.

Description

An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

8.7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

2.48%

82.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Get-Simple	Getsimplecms	3.2.1

References

https://get-simple.infoProduct
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rbExploit, Third Party Advisory
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=27895Third Party Advisory
https://www.exploit-db.com/exploits/25405Exploit, VDB Entry
https://www.fortiguard.com/encyclopedia/ips/39295Third Party Advisory
https://www.vulncheck.com/advisories/getsimple-cms-auth-rce-via-arbitrary-php-file-uploadThird Party Advisory

Timeline

Published: Jul 25, 2025
Last Modified: Jun 16, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2013-10032?

How severe is CVE-2013-10032?

CVE-2013-10032 has a CVSS score of 8.7/10 (HIGH severity). The EPSS model estimates a 2.48% probability of exploitation in the next 30 days.

How do I fix CVE-2013-10032?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-10032?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST