CVEs-PoC/2012/CVE-2012-10037.md at fb72866abda7b3c768cede9c8bc9e7764567e5d7

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.

POC

Reference

https://www.exploit-db.com/exploits/21665
https://www.exploit-db.com/exploits/21833

Github

https://github.com/fkie-cad/nvd-json-data-feeds

967 B Raw Blame History

CVE-2012-10037

Description

POC

Reference

Github

967 B

Raw Blame History