cve/CVE-2012-10033.md at master

0xMarcio/cve

Fork 0

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2012-10033

Description

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.

POC

Reference

https://www.exploit-db.com/exploits/22709
https://www.exploit-db.com/exploits/22856
https://www.vulncheck.com/advisories/narcissus-image-config-command-injection

Github

No PoCs found on GitHub currently.

1.2 KiB Raw Permalink Blame History Unescape Escape

CVE-2012-10033

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History