CVE-2012-10056

NONE

Description

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

• NIST NVD
• MITRE CVE