Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 11 Aug 2025 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 11 Aug 2025 15:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution. |
| Title | | Auxilium RateMyPet Arbitrary File Upload RCE |
| Weaknesses | | CWE-434 |
| References | | |
| Metrics | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-08-11T15:51:43.803Z

Reserved: 2025-08-07T19:15:24.955Z

Link: CVE-2012-10038

Vulnrichment

Updated: 2025-08-11T15:46:33.988Z

NVD

Status: Awaiting Analysis

Published: 2025-08-11T15:15:27.223

Modified: 2025-08-11T18:32:48.867

Link: CVE-2012-10038

Redhat

No data.

OpenCVE Enrichment

No data.