CNNVD-202508-932 Information

CNNVD ID

CNNVD-202508-932

Related CVE

CVE-2012-10037

• CNNVD Published: 2025-08-11

Description (Chinese)

Sourceforge Phptax是Sourceforge开源的一个税务计算软件。 Sourceforge Phptax 0.8版本存在安全漏洞，该漏洞源于pfilez参数未经验证直接传递给exec函数，可能导致远程代码执行。

Description (English)

Sourceforge Phptax is an open source tax computing software. There is a security loophole in version 0.8 of Sourceforge Phptax, which stems from the unverified direct transmission of the pfilez parameter to the exec function, which may result in remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sourceforge

Published

2025-08-11

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/21833 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ https://www.exploit-db.com/exploits/21665 https://sourceforge.net/projects/phptax/ https://access.redhat.com/security/cve/cve-2012-10037