CVE-2012-10037
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-11
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phptax | phptax | 0.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in PhpTax version 0.8 in the drawimage.php file. The 'pfilez' GET parameter is passed directly to an exec() system call without proper sanitization, allowing a remote attacker to inject arbitrary shell commands. This leads to remote code execution under the web server's context without requiring any authentication. [1, 3, 4]
How can this vulnerability impact me?
An attacker can exploit this vulnerability to execute arbitrary commands on the server hosting PhpTax, potentially gaining control over the web server environment. This can lead to unauthorized access, data theft, server compromise, or further attacks on the network. Since no authentication is required, the attack can be performed remotely by anyone. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of PhpTax version 0.8 on the target system and testing the drawimage.php endpoint for command injection via the pfilez parameter. A Metasploit module exists that includes an automatic check method, which verifies the presence of PhpTax by detecting the string "PHPTAX by William L.Berggren" in the HTTP response body. Alternatively, you can manually send an HTTP GET request to the vulnerable script and observe the response. For example, using curl: `curl "http://<target>/phptax/drawimage.php?pfilez=xxx;&pdf=make"`, then check whether the response contains the identifying string or shows unexpected behavior indicating command execution. Using the Metasploit module (Resource 1 and 3) is the recommended approach for automated detection. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper input validation and sanitization on the pfilez GET parameter to prevent arbitrary command injection and file inclusion. Restrict or disable the use of exec() calls with user-supplied input in drawimage.php. If possible, restrict access to the vulnerable script or disable the PhpTax application until a patch or fix is applied. Monitoring and blocking suspicious HTTP requests targeting drawimage.php with suspicious pfilez parameters can also help reduce risk. Ultimately, updating or patching the application to a version without this vulnerability is recommended. [4]
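
The monitoring step above can be prototyped against web server access logs. The following is an added example, not code from this page or from PhpTax: it flags requests to drawimage.php whose decoded pfilez value falls outside a strict allow-list. The allow-list pattern, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: a legitimate pfilez value is a plain file name, nothing else.
SAFE_PFILEZ = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Request line as it appears in a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def pfilez_values(target):
    """Decoded pfilez values if the request hits drawimage.php, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/drawimage.php"):
        return None
    values = []
    # Split on '&' only, so a ';' stays inside the value being inspected.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name) == "pfilez":
            values.append(unquote_plus(raw))
    return values

def suspicious_requests(log_lines):
    """Return (client, [rejected values]) for each request worth alerting on."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        values = pfilez_values(match.group(1))
        if values is None:
            continue
        # Allow-list check: anything not a plain file name is reported,
        # including values still carrying '%' after one decoding pass.
        rejected = [v for v in values if not SAFE_PFILEZ.fullmatch(v)]
        if rejected:
            hits.append((line.split(" ", 1)[0], rejected))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2025:10:00:01 +0000] "GET /phptax/drawimage.php?pfilez=sample1&pdf=make HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Aug/2025:10:00:02 +0000] "GET /phptax/drawimage.php?pfilez=xxx;&pdf=make HTTP/1.1" 200 0',
    '203.0.113.5 - - [11/Aug/2025:10:00:03 +0000] "GET /phptax/drawimage.php?pfilez=sample1%3Bx&pdf=make HTTP/1.1" 200 0',
    '203.0.113.9 - - [11/Aug/2025:10:00:04 +0000] "GET /phptax/drawimage.php?pfilez=sample1%253Bx HTTP/1.1" 200 0',
    '192.0.2.10 - - [11/Aug/2025:10:00:05 +0000] "GET /phptax/index.php?pfilez=a;b HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, rejected in suspicious_requests(SAMPLE_LOG):
        print(client, rejected)
```

The same allow-list can back a blocking rule at a reverse proxy or WAF; it reduces exposure but does not replace removing the user-controlled exec() call.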