CVE-2012-10044
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-08
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mobilecartly | mobilecartly | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
MobileCartly version 1.0 has an arbitrary file creation vulnerability in the savepage.php script. The application does not perform authentication or authorization checks before using file_put_contents() on input controlled by an attacker. This means an unauthenticated attacker can send specially crafted HTTP GET requests to savepage.php, specifying both the filename and content, allowing them to create arbitrary files within the pages/ directory or any writable path on the server. This can lead to remote code execution.
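As an added example (not part of this advisory or of MobileCartly's code), the following Python script triages web-server access logs for the request pattern described above: GET requests to savepage.php that carry query parameters. The log lines, the /shop/ path prefix and the parameter names p1 and p2 are constructed placeholders; the checks do not depend on the real parameter names.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Aug/2025:10:00:01 +0000] "GET /shop/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [08/Aug/2025:10:00:07 +0000] "GET /shop/savepage.php?p1=about.html&p2=%3Cp%3EAbout%20us%3C%2Fp%3E HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.23 - - [08/Aug/2025:10:02:44 +0000] "GET /shop/savepage.php?p1=x.php&p2=%3C%3Fphp%20echo%201%3B HTTP/1.1" 200 12 "-" "curl/8.0"
198.51.100.23 - - [08/Aug/2025:10:02:50 +0000] "GET /shop/savepage.php?p1=..%2F..%2Fnote.txt&p2=hi HTTP/1.1" 200 12 "-" "curl/8.0"
"""

REQ = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def classify(target):
    """Return None if target is not a savepage.php call with parameters,
    otherwise the list of high-risk indicators found (possibly empty)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/savepage.php"):
        return None
    # parse_qsl percent-decodes values, so encoded payloads are normalised.
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if not values:
        return None
    reasons = []
    if any(EXEC_EXT.search(v.strip()) for v in values):
        reasons.append("executable-extension")  # value names a PHP-type file
    if any("../" in v or "..\\" in v for v in values):
        reasons.append("path-escape")           # write outside pages/
    if any("<?" in v for v in values):
        reasons.append("php-open-tag")          # content looks like PHP code
    return reasons

def scan(log_text):
    """Yield (client, timestamp, severity, reasons) per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m or m.group(3) != "GET":
            continue
        reasons = classify(m.group(4))
        if reasons is None:
            continue
        # The endpoint performs no authentication, so every hit merits review.
        findings.append((m.group(1), m.group(2), "high" if reasons else "review", reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" hit should be followed by checking the pages/ directory and other writable paths for files created at the logged timestamp.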
How can this vulnerability impact me?
This vulnerability can allow an unauthenticated attacker to create arbitrary files on the server, potentially leading to remote code execution. This means the attacker could run malicious code on the server, compromise the system, steal data, disrupt services, or use the server as a foothold for further attacks.