cbcvebase.
CVE-2012-10037
published 2025-08-11


Priority: P269 · critical · 9.3 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.44% (69.9th percentile)
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.

Affected

1 range
Vendor: phptax · Product: phptax · Version range: (none given) · Fixed in: (none given)

Detection & IOCs (extracted from sources)

Path: drawimage.php
Other (GET parameter): pfilez
  • Monitor HTTP GET requests to drawimage.php containing shell metacharacters or command injection payloads in the pfilez parameter
  • No authentication is required to exploit this vulnerability; treat any unauthenticated request to drawimage.php with a suspicious pfilez value as high-priority
  • Alert on web server process spawning unexpected child shell processes (e.g., /bin/sh, cmd.exe) originating from the PHP/web server process, consistent with exec() abuse
  • Exploitation targets PhpTax version 0.8 specifically; verify version before applying detections to avoid false positives on other versions
  • The vulnerable code path is triggered during PDF generation via the icondrawpng() function; detections should focus on that specific function/file context
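The first two detection bullets above, turned into working log-analysis code. This is an added example written for this page, not code from PhpTax or from any of the cited sources. It assumes Apache/nginx combined-format access logs, treats any shell metacharacter in the URL-decoded pfilez value as high severity and any value that is not a bare file name as medium severity, and decodes the parameter twice so that double-encoded payloads (%253B) are not missed. The log lines, the file name form1.tob and the 203.0.113.0/24 addresses are constructed for the example; tighten SAFE_NAME to the file names your own install actually serves.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Characters that let an attacker break out of the exec() command line.
SHELL_META = re.compile(r"[;|&`$(){}<>\n\r\\]")

# What a legitimate pfilez value is expected to look like: a bare file name.
# (Assumption: narrow this to the exact file names your PhpTax install uses.)
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")

# Combined log format as written by Apache/nginx; assumed layout for the samples below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def analyze_request(method: str, target: str):
    """Classify one HTTP request line.

    Returns None when the request is not a drawimage.php request carrying pfilez,
    otherwise a dict with the decoded value and a severity of 'high' or 'medium'.
    """
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() != "drawimage.php":
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("pfilez")
    if not values:
        return None
    worst = None
    for raw in values:
        # parse_qs already removed one layer of percent-encoding; decode once more
        # so that %253B (double-encoded ';') is still seen as a metacharacter.
        decoded = unquote(raw)
        if SHELL_META.search(decoded):
            severity, reason = "high", "shell metacharacter in pfilez"
        elif not SAFE_NAME.fullmatch(decoded):
            severity, reason = "medium", "pfilez is not a bare file name"
        else:
            continue  # looks like an ordinary PhpTax request
        finding = {"method": method, "pfilez": decoded, "severity": severity, "reason": reason}
        if worst is None or severity == "high":
            worst = finding
    return worst


def scan_log(lines):
    """Run analyze_request over access-log lines; returns one finding per suspicious line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = analyze_request(m["method"], m["target"])
        if finding:
            finding.update(ip=m["ip"], ts=m["ts"], status=m["status"])
            findings.append(finding)
    return findings


# Constructed sample log lines (not real traffic). 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Aug/2025:10:00:01 +0000] "GET /phptax/drawimage.php?pfilez=form1.tob&pdf=make HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Aug/2025:10:00:02 +0000] "GET /phptax/drawimage.php?pfilez=form1.tob%3Bid%3B&pdf=make HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Aug/2025:10:00:03 +0000] "GET /phptax/drawimage.php?pfilez=form1.tob%253Bid%253B&pdf=make HTTP/1.1" 200 512',
    '203.0.113.12 - - [11/Aug/2025:10:00:04 +0000] "GET /phptax/drawimage.php?pfilez=../../etc/passwd HTTP/1.1" 200 512',
    '203.0.113.7 - - [11/Aug/2025:10:00:05 +0000] "GET /phptax/index.php?pfilez=x%3Bid HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['severity'].upper():6} pfilez={f['pfilez']!r} ({f['reason']})")
```

Running the block over the constructed lines yields two high-severity findings (the single- and double-encoded ";id;" payloads) and one medium-severity finding (a traversal-looking value with no metacharacters); the benign request and the request to a different script produce nothing. Pair this with the process-ancestry rule from the third bullet (PHP worker spawning /bin/sh) to confirm exploitation rather than just an attempt, and gate the alert on the PhpTax version as the fourth bullet advises.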