CVE-2013-6225

9.8 CRITICAL

📋 TL;DR

CVE-2013-6225 is a critical remote code execution vulnerability in LiveZilla live chat software. It allows attackers to execute arbitrary code on affected servers by exploiting improper path validation. Organizations running vulnerable versions of LiveZilla are at risk.

💻 Affected Systems

Products:
  • LiveZilla
Versions: 5.0.1.4 and likely earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects LiveZilla installations with default configurations. The vulnerability is in the web interface component.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install malware, steal data, pivot to internal networks, or establish persistent backdoors.

🟠

Likely Case

Web server compromise leading to data theft, defacement, or use as part of botnets for further attacks.

🟢

If Mitigated

Limited impact with proper network segmentation, but still potential for web server compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available. Attack requires no authentication and is trivial to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.1.5 and later

Vendor Advisory: https://www.livezilla.net/

Restart Required: No

Instructions:

1. Download latest LiveZilla version from official website.
2. Backup current installation.
3. Replace vulnerable files with patched version.
4. Verify installation works correctly.

🔧 Temporary Workarounds

Remove vulnerable files

Platform: linux

Delete or rename the vulnerable PHP files that allow path traversal

rm /path/to/livezilla/vulnerable_file.php

Restrict file uploads

Platform: all

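Configure the web server to block uploads to vulnerable directories. The nginx rule below must be placed in a context scoped to those directories; applied server-wide it denies every PHP request, including LiveZilla's own pages.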

location ~* \.php$ { deny all; }

🧯 If You Can't Patch

  • Isolate LiveZilla server in DMZ with strict firewall rules
  • Implement web application firewall with RCE protection rules

🔍 How to Verify

Check if Vulnerable:

Check LiveZilla version in admin panel or by examining file versions. Version 5.0.1.4 is vulnerable.

Check Version:

Check /livezilla/admin/version.php or similar admin interface

Verify Fix Applied:

Verify version is 5.0.1.5 or later. Test path traversal attempts return proper errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to LiveZilla directories
  • Path traversal patterns in web logs
  • Execution of system commands in web logs

Network Indicators:

  • HTTP requests with ../ patterns to LiveZilla
  • Unexpected outbound connections from LiveZilla server

SIEM Query:

source="web_logs" AND uri="*livezilla*" AND (uri="*../*" OR uri="*..\\*" OR (method="POST" AND uri="*upload*"))
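
The log indicators and SIEM query above, as an added Python example (not part of the original advisory or of LiveZilla): it applies the same checks to access-log lines and also percent-decodes the URI, so encoded and double-encoded `../` sequences that a literal wildcard match misses are caught. The log lines, file names and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request portion of a Combined Log Format line: "METHOD URI PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')  # ../ or ..\

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both become ../"""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(line):
    """Return the indicator names matched by one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    uri = fully_decode(m.group("uri")).lower()
    if "livezilla" not in uri:
        return []
    hits = []
    if TRAVERSAL_RE.search(uri):
        hits.append("path_traversal")
    if m.group("method") == "POST" and "upload" in uri:
        hits.append("upload_post")
    return hits

def scan(lines):
    """Return (line_number, indicators) for every line that matches."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := classify(line))]

# Constructed sample data; paths and parameters are hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /livezilla/index.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /livezilla/page.php?f=../../x HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /LiveZilla/page.php?f=%2e%2e%2fx HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /livezilla/page.php?f=%252e%252e%255cx HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "POST /livezilla/upload.php HTTP/1.1" 200 17',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/item.php?f=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
```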
