CVE-2012-10033

CRITICAL

Narcissus backend.php - release Parameter Command Injection

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10033. PoCs published by Metasploit, dun, Dun, sinn3r, including Metasploit module exploits/unix/webapp/narcissus_backend_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Narcissus' backend.php via the 'release' parameter, allowing remote code execution under the context of the web server. It leverages the passthru PHP function to execute arbitrary commands.

Description

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/22856

This Metasploit module exploits a command injection vulnerability in Narcissus' backend.php via the 'release' parameter, allowing remote code execution under the context of the web server. It leverages the passthru PHP function to execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Narcissus (version not specified)
No auth needed
Prerequisites: Network access to the target web application · Narcissus backend.php endpoint accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by dun · textwebappsphp
https://www.exploit-db.com/exploits/22709

This exploit demonstrates a command injection vulnerability in Narcissus' backend.php. The 'release' parameter is passed unsanitized to a shell command via passthru(), allowing arbitrary command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Narcissus (Angstrom distribution image builder)
No auth needed
Prerequisites: Network access to the target application · POST request capability
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Dun, sinn3r · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/narcissus_backend_exec.rb

This Metasploit module exploits a command injection vulnerability in Narcissus' backend.php via the $release parameter, allowing remote code execution through the passthru PHP function. The exploit sends a crafted POST request to execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Narcissus (version not specified)
No auth needed
Prerequisites: Network access to the target web application · Vulnerable Narcissus instance with exposed backend.php
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v4 9.3
EPSS 0.0114
EPSS Percentile 62.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
Ångström Distribution Project/Narcissus
Published Aug 05, 2025
Tracked Since Feb 18, 2026