CVE-2012-10045
published 2025-08-08

Priority: P269, critical. CVSS 4.0 score: 9.3
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.06% (60.4th percentile)
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.

Affected (1 range)

Vendor    Product    Version range    Fixed in
xoda      xoda

Detection & IOCs (extracted from sources)

Path: files/
  • Detect unauthenticated multipart/form-data POST requests containing PHP files targeting the XODA upload endpoint
  • Alert on GET requests to the files/ directory for newly created .php files, which may indicate post-upload webshell execution
  • Monitor for use of the 'upload' command parameter in HTTP requests to XODA without any authentication headers/session tokens
  • Vulnerability is confirmed only on XODA version 0.4.5; detections should be scoped to environments running this specific version
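The three detection bullets above, implemented as rules over parsed HTTP requests. This is an added example, not code from the advisory or from XODA; it assumes the upload is signalled by a form parameter named "upload", that a session is signalled by a Cookie or Authorization header, and that uploads land under /files/. The sample requests are constructed.

```python
import re
from typing import Dict, List

# Constructed sample requests (not from the advisory). Assumptions: an upload is
# signalled by a form parameter named "upload"; a session is signalled by a
# Cookie or Authorization header; XODA stores uploads under /files/.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/index.php", "params": {"upload": "1"},
     "headers": {"Content-Type": "multipart/form-data; boundary=XX"},
     "body": 'Content-Disposition: form-data; name="file"; filename="test.php"'},
    {"method": "GET", "path": "/files/test.php", "params": {}, "headers": {}, "body": ""},
    {"method": "POST", "path": "/index.php", "params": {"upload": "1"},
     "headers": {"Content-Type": "multipart/form-data; boundary=XX",
                 "Cookie": "PHPSESSID=constructed"},
     "body": 'Content-Disposition: form-data; name="file"; filename="report.pdf"'},
    {"method": "GET", "path": "/files/report.pdf", "params": {}, "headers": {}, "body": ""},
]

PHP_FILENAME_RE = re.compile(r'filename="[^"]*\.php"', re.IGNORECASE)
FILES_PHP_PATH_RE = re.compile(r"^/files/[^/]+\.php$", re.IGNORECASE)


def classify(req: dict) -> List[str]:
    """Return the detection labels that match one parsed HTTP request."""
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    authed = "cookie" in headers or "authorization" in headers
    multipart = headers.get("content-type", "").lower().startswith("multipart/form-data")
    findings = []
    # Rule 1: multipart POST carrying a .php part; flag harder when no session/auth is present.
    if req["method"] == "POST" and multipart and PHP_FILENAME_RE.search(req.get("body", "")):
        findings.append("php-upload-unauth" if not authed else "php-upload-authed")
    # Rule 2: GET of a .php file directly under files/, i.e. possible post-upload execution.
    if req["method"] == "GET" and FILES_PHP_PATH_RE.match(req["path"]):
        findings.append("files-dir-php-get")
    # Rule 3: the upload command used without any authentication at all.
    if "upload" in req.get("params", {}) and not authed:
        findings.append("upload-cmd-unauth")
    return findings


def scan(requests: List[dict]) -> Dict[int, List[str]]:
    """Map request index to its findings, keeping only requests that matched."""
    return {i: f for i, r in enumerate(requests) if (f := classify(r))}


if __name__ == "__main__":
    for idx, labels in scan(SAMPLE_REQUESTS).items():
        print(idx, SAMPLE_REQUESTS[idx]["method"], SAMPLE_REQUESTS[idx]["path"], labels)
```

Per the last bullet, scope these rules to hosts known to run XODA 0.4.5 to keep the alert volume meaningful.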