CVE-2012-1200

Nova CMS - Remote File Inclusion via Multiple Parameter Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2012-1200. PoCs published by indoushka.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Nova CMS, where insufficient input sanitization allows attackers to execute malicious PHP code. The example URL demonstrates the vulnerability but lacks executable exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.

Exploits (4)

exploitdb WRITEUP VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/36697

The provided text describes a remote file inclusion vulnerability in Nova CMS, where insufficient input sanitization allows attackers to execute malicious PHP code. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Nova CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Nova CMS instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/36699

The provided text describes a remote file inclusion vulnerability in Nova CMS, where insufficient input sanitization allows attackers to include malicious PHP files via the 'conf[blockfile]' parameter. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Nova CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to host or reference a malicious PHP file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/36698

The provided text describes a remote file inclusion vulnerability in Nova CMS, where insufficient input sanitization allows attackers to include malicious PHP files. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Nova CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Nova CMS instance · Ability to host or reference a malicious PHP file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/36696

The provided text describes a remote file inclusion vulnerability in Nova CMS, where insufficient input sanitization allows attackers to execute malicious PHP code. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Nova CMS (version not specified)
No auth needed
Prerequisites: Network access to the target · Nova CMS installation with vulnerable configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73159
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51976

Scores

EPSS 0.0278
EPSS Percentile 84.5%

Details

CWE
CWE-94
Status published
Products (1)
nova-cms/nova_cms
Published Feb 18, 2012
Tracked Since Feb 18, 2026