CVE-2012-10033
published 2025-08-05


Priority: P267 · Severity: critical · CVSS 4.0 base score: 9.3
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.14% (62.5th percentile)
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
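The defect class described above is an OS command assembled from an unvalidated POST parameter and handed to passthru(). The following PHP is an added illustration, not Narcissus code: the function and parameter names, the script being invoked, and the set of accepted release values are assumptions made for this example. It places the vulnerable shape next to a hardened version that validates the value against a closed allowlist and then avoids shell interpretation entirely.

```php
<?php
// Added example (not from the Narcissus project). Names and values below
// are constructed for illustration of the CVE-2012-10033 defect class.

// VULNERABLE shape: the request parameter is concatenated into a shell
// command string, so shell metacharacters in $release are interpreted.
function configure_image_vulnerable(string $release): void
{
    passthru("./build-image.sh " . $release); // hypothetical helper script
}

// Constructed allowlist of the values the workflow actually expects.
const KNOWN_RELEASES = ['stable', 'testing', 'unstable'];

// HARDENED shape: reject anything outside the allowlist, then run the
// helper without a shell so the argument can never be re-parsed.
function configure_image_hardened(string $release): bool
{
    // Strict comparison; no normalisation, no partial matches.
    if (!in_array($release, KNOWN_RELEASES, true)) {
        error_log('configure_image: rejected release value '
            . json_encode($release));
        return false;
    }

    // proc_open() with an array command (PHP >= 7.4) executes the program
    // directly with argv elements; no /bin/sh is involved.
    $descriptors = [
        1 => ['pipe', 'w'], // stdout
        2 => ['pipe', 'w'], // stderr
    ];
    $proc = proc_open(['./build-image.sh', $release], $descriptors, $pipes);
    if (!is_resource($proc)) {
        error_log('configure_image: failed to start helper');
        return false;
    }
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);

    echo $stdout;
    if ($exit !== 0) {
        error_log('configure_image: helper exited ' . $exit . ': ' . $stderr);
    }
    return $exit === 0;
}

// Where the accepted set is not closed, a tight format check is the next
// best control; it still must run BEFORE the value reaches any command.
function is_plausible_release(string $release): bool
{
    return (bool) preg_match('/^[a-z0-9][a-z0-9._-]{0,31}$/', $release);
}

// Constructed request values standing in for $_POST['release'].
foreach (['stable', 'stable;extra', ''] as $candidate) {
    $ok = is_plausible_release($candidate)
        && in_array($candidate, KNOWN_RELEASES, true);
    printf("%-14s -> %s\n", json_encode($candidate), $ok ? 'accepted' : 'rejected');
}
```

The allowlist check is the control that actually closes the bug; escaping alone (escapeshellarg()) would also stop injection but leaves the application trusting that every call site remembers to escape, whereas the array form of proc_open() removes the shell from the path altogether.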

Affected

1 range

Vendor                          Product     Version range   Fixed in
ngstr_m_distribution_project    narcissus   (not stated)    (not stated)

Detection &amp; IOCs (extracted from sources)

path: backend.php
other: release (POST parameter)
  • Alert on web server processes spawning unexpected child shell processes, indicative of passthru() abuse in PHP.
  • Command execution occurs under the web server's privilege context, so impact is bounded by the web server user's OS permissions.