CVE-2012-10038

CRITICAL

Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10038. PoCs were published by Metasploit, DaOne and sinn3r, including the Metasploit module exploits/multi/http/auxilium_upload_exec.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in Auxilium RateMyPet's banner upload feature, allowing remote code execution via PHP or Linux payloads.

Description

Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · linux
https://www.exploit-db.com/exploits/21836

This Metasploit module exploits an arbitrary file upload vulnerability in Auxilium RateMyPet's banner upload feature, allowing remote code execution via PHP or Linux payloads.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Auxilium RateMyPet
No auth needed
Prerequisites: Network access to the target application · Banner upload functionality enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by DaOne · text · webapps · php
https://www.exploit-db.com/exploits/21329

This exploit demonstrates multiple vulnerabilities in Auxilium PetRatePro, including unauthenticated admin creation, SQL injection, and remote file upload. The PoC provides direct HTTP requests and forms to exploit these issues.

Classification: Working PoC (90%)
Attack Type: SQLi | Auth Bypass | Other
Complexity: Trivial
Reliability: Reliable
Target: Auxilium PetRatePro
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by DaOne, sinn3r · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/auxilium_upload_exec.rb

This Metasploit module exploits an arbitrary file upload vulnerability in Auxilium RateMyPet, allowing remote code execution by uploading a malicious PHP file via the banner upload feature.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Auxilium RateMyPet (version not specified)
Auth required
Prerequisites: Access to the admin panel for banner upload · PHP payload generation capability
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 9.3
EPSS: 0.0139
EPSS Percentile: 68.7%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): Auxilium/RateMyPet
Published: Aug 11, 2025
Tracked Since: Feb 18, 2026