Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 12 Aug 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Xoda
Xoda xoda |
|
Vendors & Products |
Xoda
Xoda xoda |
Fri, 08 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 08 Aug 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request. | |
Title | XODA 0.4.5 Arbitrary PHP File Upload | |
Weaknesses | CWE-434 | |
References |
|
|
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-08-08T18:43:21.963Z
Reserved: 2025-08-08T13:52:20.773Z
Link: CVE-2012-10045

Updated: 2025-08-08T18:43:10.248Z

Status : Awaiting Analysis
Published: 2025-08-08T19:15:34.450
Modified: 2025-08-08T20:30:18.180
Link: CVE-2012-10045

No data.

Updated: 2025-08-12T11:47:21Z