CVE-2012-10042
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-08
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sflog | cms | 1.0 |
Exploitability
| CWE ID | Name / Description |
|---|---|
| CWE-434 | Unrestricted Upload of File with Dangerous Type: the product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Sflog! CMS 1.0, whose blog management interface lets any authenticated user upload files without checking what kind of file is being uploaded. Two weaknesses combine here: the upload handler does not validate file type (CWE-434), and the application ships with default credentials (admin:secret), so the "authenticated" requirement is no real barrier. An attacker who logs in with those default credentials (or any compromised account) can upload a PHP backdoor into the web-accessible uploads directory (blogs/download/uploads/) and then simply request that file over HTTP; the web server runs it as PHP, giving the attacker remote code execution on the server.
How can this vulnerability impact me?
The vulnerability can lead to full remote code execution on the affected server: the uploaded script runs with the privileges of the web server process, so an attacker can execute arbitrary commands, read the CMS database credentials and other sensitive data, modify or delete content, and use the server as a foothold to attack other systems.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, first change the default credentials (admin:secret) to a strong, unique password; this removes the unauthenticated path to the upload feature but does not fix the upload flaw itself. Disable or restrict the file upload function in the blog management interface if it is not needed. If it is needed, validate uploads by an allowlist of expected extensions (for example images and PDFs), check that the content matches the claimed type, reject any name carrying a server-side extension anywhere in it (shell.php.jpg as well as shell.php, including .phtml and similar aliases), and store the file under a server-chosen random name. Independently of validation, configure the web server so that nothing under blogs/download/uploads/ is executed as a script, or move the upload location outside the web root and serve files through a download handler. Finally, inspect the existing uploads directory for PHP files or files containing PHP tags, since an attacker who exploited this earlier will have left a backdoor there.
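The validation and audit steps described above, as an added example that is not part of the BaseFortify page or of Sflog! CMS. It is written in Python rather than the CMS's PHP, and the allowlist, the directory name and the sample files are assumptions for illustration; `validate_upload` implements the allowlist, double-extension, magic-byte and PHP-tag checks and returns a server-chosen name, and `audit_uploads_dir` walks an existing uploads directory looking for already-planted server-side code.

```python
"""Upload validation and uploads-directory audit for a CWE-434 scenario.

Added illustration, not Sflog! CMS code. Assumes a PHP web application
whose upload directory is web-accessible (blogs/download/uploads/ on the
page above) and that legitimate uploads are images, PDFs and plain text.
"""
import os
import re
import secrets
import tempfile

# Extensions the blog upload feature legitimately needs (assumed allowlist).
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Leading bytes expected for the binary types in the allowlist.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# Extensions a typical PHP web server may execute or honour as configuration.
SERVER_SIDE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml",
                   "phar", "phps", "htaccess"}

# "<?php" or the short echo tag "<?=" anywhere in the content.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


class RejectedUpload(ValueError):
    """Raised when an upload fails one of the checks."""


def validate_upload(filename: str, data: bytes) -> str:
    """Return a safe, server-chosen filename or raise RejectedUpload.

    Every dotted segment of the client name is checked, so shell.php.jpg
    is rejected along with shell.php; the final extension must be in the
    allowlist; binary types must start with their magic bytes; and any
    content containing a PHP open tag is refused regardless of extension.
    """
    base = os.path.basename(filename).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        raise RejectedUpload("no usable extension")
    exts = parts[1:]
    if any(e in SERVER_SIDE_EXT for e in exts):
        raise RejectedUpload("server-side extension present in name")
    ext = exts[-1]
    if ext not in ALLOWED_EXT:
        raise RejectedUpload(f"extension {ext!r} not allowed")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        raise RejectedUpload("content does not match claimed type")
    if PHP_TAG.search(data):
        raise RejectedUpload("PHP open tag found in content")
    # Never reuse the client's name: random name with the vetted extension.
    return f"{secrets.token_hex(16)}.{ext}"


def audit_uploads_dir(path: str) -> list[str]:
    """List files under path that look like server-side code.

    A file is reported if any dotted segment of its name is a server-side
    extension, or if its first 4 KiB contain a PHP open tag. Run this on
    the live uploads directory to find backdoors planted before hardening.
    """
    findings = []
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            reason = None
            if any(e in SERVER_SIDE_EXT for e in name.lower().split(".")[1:]):
                reason = "server-side extension"
            else:
                with open(full, "rb") as fh:
                    if PHP_TAG.search(fh.read(4096)):
                        reason = "PHP open tag"
            if reason:
                findings.append(f"{os.path.relpath(full, path)}: {reason}")
    return sorted(findings)


def demo() -> dict:
    """Exercise both functions on constructed inputs (not real captures)."""
    results = {}
    png = MAGIC["png"] + b"\x00" * 32
    results["photo.png"] = "accepted" if validate_upload("photo.png", png) else ""
    samples = [
        ("cmd.php", b"<?php system($_GET['c']); ?>"),   # plain backdoor
        ("cmd.php.jpg", MAGIC["jpg"] + b"x" * 8),        # double extension
        ("cmd.jpg", b"<?php echo 1; ?>"),                # wrong magic bytes
        (".htaccess", b"AddType application/x-httpd-php .jpg"),
    ]
    for name, data in samples:
        try:
            validate_upload(name, data)
            results[name] = "accepted"
        except RejectedUpload:
            results[name] = "rejected"
    with tempfile.TemporaryDirectory() as tmp:       # constructed uploads dir
        up = os.path.join(tmp, "uploads")
        os.makedirs(up)
        for name, data in [("a.png", png),
                           ("b.jpg", b"<?php phpinfo(); ?>"),
                           ("c.phtml", b"harmless-looking text")]:
            with open(os.path.join(up, name), "wb") as fh:
                fh.write(data)
        results["audit"] = audit_uploads_dir(tmp)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The content checks are a second line of defence, not a substitute for the web server configuration: a crafted image can carry PHP in its metadata and still pass the magic-byte test, which is why the paragraph above also asks that nothing in the uploads directory be executed as a script. The audit deliberately flags on the PHP tag as well as on extension, because a backdoor left after exploitation may have been given an innocuous name.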