CVE-2012-10045

XODA 0.4.5 Arbitrary PHP File Upload

Description

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.

INFO

Published Date :

2025-08-08T18:14:08.705Z

Last Modified :

2026-04-07T14:02:40.322Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2012-10045 vulnerability.

Vendors	Products
Xoda	Xoda

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10045.

URL	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/xoda_file_upload.rb
https://sourceforge.net/projects/xoda/
https://www.exploit-db.com/exploits/20703
https://www.exploit-db.com/exploits/20713
https://www.vulncheck.com/advisories/xoda-arbitrary-php-file-upload
https://xoda.org/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability