CVE-2012-10045 Information

Description

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
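The upload-then-request sequence described above leaves a recognisable trace in web server access logs. The following is an added example, not code from the advisory or the XODA project: it flags successful requests for script files beneath a files/ directory and raises the severity when the same client sent a POST shortly before. The /xoda/ install prefix, the sample log lines, the extension list and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format fields used here: client, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# A script-handled extension requested from beneath a files/ directory.
SCRIPT_IN_FILES = re.compile(
    r'/files/[^?#]*\.(?:php\d?|phtml|phar)(?:[/?#]|$)', re.I)
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample lines (documentation IP ranges, hypothetical /xoda/ prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2025:10:00:01 +0000] "POST /xoda/ HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [08/Aug/2025:10:00:03 +0000] "GET /xoda/files/a1b2c3.php HTTP/1.1" 200 17 "-" "-"',
    '198.51.100.20 - - [08/Aug/2025:10:05:00 +0000] "GET /xoda/files/report.pdf HTTP/1.1" 200 9001 "-" "-"',
    '198.51.100.20 - - [08/Aug/2025:10:05:09 +0000] "GET /xoda/files/old.php HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.44 - - [08/Aug/2025:11:30:00 +0000] "GET /xoda/files/notes.phtml?x=1 HTTP/1.1" 200 33 "-" "-"',
]


def find_upload_then_execute(lines, window=WINDOW):
    """Return (ip, path, severity) for each 2xx script request under files/.

    severity is "high" when the same client sent a POST within `window`
    before the request (upload followed by trigger), otherwise "medium".
    """
    last_post = {}   # client IP -> time of its most recent POST
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["path"]
        if m["method"] == "POST":
            last_post[ip] = ts
        if SCRIPT_IN_FILES.search(path) and m["status"].startswith("2"):
            recent = ip in last_post and timedelta(0) <= ts - last_post[ip] <= window
            findings.append((ip, path, "high" if recent else "medium"))
    return findings


if __name__ == "__main__":
    for finding in find_upload_then_execute(SAMPLE_LOG):
        print(finding)
```

Any hit is worth reviewing, since a directory of user uploads has no reason to serve executable scripts; disabling script handling for files/ in the web server configuration removes the execution step regardless of what gets uploaded.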

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/xoda_file_upload.rb
https://sourceforge.net/projects/xoda/
https://www.exploit-db.com/exploits/20703
https://www.exploit-db.com/exploits/20713
https://www.vulncheck.com/advisories/xoda-arbitrary-php-file-upload
https://xoda.org/

CNNVD-202508-778 (Published: 2025-08-08)
