CVE-2012-10042

HIGH

Sflog! CMS 1.0 - Authenticated Arbitrary File Upload via Blog Management Interface

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-10042. PoCs published by dun, dun, sinn3r, including Metasploit module exploits/multi/http/sflog_upload_exec.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in sflog! CMS/Blog system, including Local File Inclusion (LFI), admin password disclosure, and arbitrary file upload. The PoC provides clear examples of how to exploit these vulnerabilities with specific HTTP requests and file paths.

Description

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.

Exploits (2)

exploitdb WORKING POC VERIFIED

by dun · textwebappsphp

https://www.exploit-db.com/exploits/19626

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in sflog! CMS/Blog system, including Local File Inclusion (LFI), admin password disclosure, and arbitrary file upload. The PoC provides clear examples of how to exploit these vulnerabilities with specific HTTP requests and file paths.

Classification

Working Poc 95%

Attack Type

Info Leak | Auth Bypass | Other

Complexity

Trivial

Reliability

Reliable

Target: sflog! CMS/Blog system <= 1.00

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1006 - Direct Volume Access T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by dun, sinn3r · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sflog_upload_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in Sflog! CMS 1.0 by leveraging default admin credentials to upload a malicious PHP payload, achieving remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sflog! CMS 1.0

Auth required

Prerequisites: Default admin credentials (admin:secret) · Access to the administrative interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/sflog_upload_exec.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/19626

Product product

https://sourceforge.net/projects/sflog/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/sflog-cms-arbitrary-file-upload-rce

Scores

CVSS v4 8.7

EPSS 0.0091

EPSS Percentile 55.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

Sflog!/Sflog! CMS 1.0

Published Aug 08, 2025

Tracked Since Feb 18, 2026