CVEs-PoC/2012/CVE-2012-10045.md at fb72866abda7b3c768cede9c8bc9e7764567e5d7

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.

POC

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/xoda_file_upload.rb
https://www.exploit-db.com/exploits/20703
https://www.exploit-db.com/exploits/20713
https://www.vulncheck.com/advisories/xoda-arbitrary-php-file-upload

Github

https://github.com/fkie-cad/nvd-json-data-feeds

1.2 KiB Raw Blame History

CVE-2012-10045

Description

POC

Reference

Github

1.2 KiB

Raw Blame History