CVE-2012-10037
Published: 2025-08-11
Priority: P2 (69) · Severity: critical · CVSS 4.0 base score: 9.3
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined)
Tags: EXPLOIT
EPSS: 1.44% (69.9th percentile)
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phptax | phptax | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP GET requests to drawimage.php containing shell metacharacters or command injection payloads in the pfilez parameter.
- No authentication is required to exploit this vulnerability; treat any unauthenticated request to drawimage.php with a suspicious pfilez value as high-priority.
- Alert on the web server process spawning unexpected child shell processes (e.g., /bin/sh, cmd.exe) originating from the PHP/web server process, consistent with exec() abuse.
- Exploitation targets PhpTax version 0.8 specifically; verify the version before applying detections to avoid false positives on other versions.
- The vulnerable code path is triggered during PDF generation via the icondrawpng() function; detections should focus on that specific function/file context.
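As a worked example of the first detection item above (added here, not from the page's sources or from the PhpTax project), the following Python parses constructed Apache-style access-log lines and flags GET requests to drawimage.php whose pfilez value contains shell metacharacters; the IP addresses, timestamps and parameter values are made up.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Aug/2025:10:00:01 +0000] "GET /phptax/drawimage.php?pfilez=1040-2012 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [11/Aug/2025:10:00:07 +0000] "GET /phptax/drawimage.php?pfilez=x;id; HTTP/1.1" 200 128 "-" "curl/8.0"
203.0.113.9 - - [11/Aug/2025:10:00:09 +0000] "GET /phptax/drawimage.php?pfilez=%24%28whoami%29 HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.7 - - [11/Aug/2025:10:01:00 +0000] "GET /phptax/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Source address, method and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*? "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters a POSIX shell interprets; none of them belong in a form-file name.
SHELL_META = re.compile(r'[;&|`$(){}<>\n\\]')


def query_params(query: str) -> List[tuple]:
    """Split a query string on '&' only (never ';', which is itself a metacharacter)."""
    pairs = []
    for part in query.split("&"):
        if part:
            key, _, val = part.partition("=")
            # Decode twice so double-encoded payloads (%2524 -> %24 -> $) are seen.
            pairs.append((unquote_plus(key), unquote_plus(unquote_plus(val))))
    return pairs


def flag_pfilez_injection(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per GET to drawimage.php whose pfilez value has shell metacharacters."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("drawimage.php"):
            continue
        for key, value in query_params(url.query):
            hit = SHELL_META.search(value) if key == "pfilez" else None
            if hit:
                findings.append({"src": m.group("src"), "pfilez": value, "metachar": hit.group(0)})
    return findings


if __name__ == "__main__":
    for f in flag_pfilez_injection(SAMPLE_LOG):
        print(f"ALERT drawimage.php pfilez injection from {f['src']}: {f['pfilez']!r}")
```

Pair this with the process-spawn detection listed above: a hit here plus a shell child of the web server process is a far stronger signal than either alone.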
No detection rules found.
No writeups or analysis indexed.