CVEs-PoC/2012/CVE-2012-2751.md

### [CVE-2012-2751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2751)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.

### POC

#### Reference
- http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

#### Github
No PoCs found on GitHub currently.