CVE-2012-10038

Auxilium RateMyPet Arbitrary File Upload RCE

CVSS 9.3 CRITICALEPSS 1.4%CWE-434

Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Auxilium · RateMyPet

PoCs públicas encontradas — 3

cve_referencewww.exploit-db.com/exploits/21329no verificado cve_referencewww.exploit-db.com/exploits/21836no verificado cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/auxilium_upload_exec.rbno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/auxilium_upload_exec.rb https://web.archive.org/web/20120331222419/http://www.auxiliumsoftware.com/https://www.exploit-db.com/exploits/21329 https://www.exploit-db.com/exploits/21836