Critical severityNVD Advisory· Published Aug 8, 2025· Updated Apr 15, 2026

CVE-2012-10045

Description

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/xoda_file_upload.rbnvd
sourceforge.net/projects/xoda/nvd
www.exploit-db.com/exploits/20703nvd
www.exploit-db.com/exploits/20713nvd
www.vulncheck.com/advisories/xoda-arbitrary-php-file-uploadnvd
xoda.orgnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.056
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000