CVE-2012-10044

CRITICAL

MobileCartly 1.0 - Unauthenticated Arbitrary File Creation via savepage.php

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10044. PoCs were published by Metasploit and Yakir Wizman, including the Metasploit module exploits/multi/http/mobilecartly_upload_exec.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file creation vulnerability in MobileCartly 1.0 via the savepage.php file, which lacks permission checks. It allows attackers to write PHP payloads to the server and execute them, achieving remote code execution (RCE).

Description

MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php that specify both the filename and the content. This permits arbitrary file creation within the pages/ directory or any writable path on the server, which leads to remote code execution.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/21079

This Metasploit module exploits an arbitrary file creation vulnerability in MobileCartly 1.0 via the savepage.php file, which lacks permission checks. It allows attackers to write PHP payloads to the server and execute them, achieving remote code execution (RCE).

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MobileCartly 1.0
No auth needed
Prerequisites: Network access to the target server · MobileCartly 1.0 installed with default configuration
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Yakir Wizman · text · webapps · php
https://www.exploit-db.com/exploits/20422

This exploit demonstrates an arbitrary file write vulnerability in MobileCartly 1.0, allowing an attacker to write malicious PHP code to a file via the 'savepage.php' endpoint. The PoC includes a simple command execution payload to achieve remote code execution (RCE).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MobileCartly 1.0
No auth needed
Prerequisites: Network access to the target application · The 'savepage.php' endpoint must be accessible
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mobilecartly_upload_exec.rb

This Metasploit module exploits an arbitrary file creation vulnerability in MobileCartly 1.0 via the savepage.php file, which allows unauthenticated users to write PHP payloads to the server and achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MobileCartly 1.0
No auth needed
Prerequisites: Network access to the target · MobileCartly 1.0 installation with write permissions
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 10.0
EPSS: 0.7281
EPSS Percentile: 98.8%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): MobileCartly/MobileCartly 1.0
Published: Aug 08, 2025
Tracked Since: Feb 18, 2026