Critical severityNVD Advisory· Published Aug 8, 2025· Updated Apr 15, 2026
CVE-2012-10049
CVE-2012-10049
Description
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=2.6
Patches
Vulnerability mechanics
References
5- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/webpagetest_upload_exec.rbnvd
- www.broadcom.com/support/security-center/attacksignatures/detailnvd
- www.exploit-db.com/exploits/19790nvd
- www.exploit-db.com/exploits/20173nvd
- www.vulncheck.com/advisories/webpagetest-arbitrary-php-file-upload-rcenvd
News mentions
0No linked articles in our index yet.