High severityNVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026

CVE-2012-10056

Description

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/php_volunteer_upload_exec.rbnvd
sourceforge.net/projects/phpvolunteer/nvd
www.exploit-db.com/exploits/18941nvd
www.exploit-db.com/exploits/18957nvd
www.vulncheck.com/advisories/php-volunteer-management-system-arbitrary-file-uploadnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.029
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000