CVE-2012-2627

Plixer Scrutinizer <9.5.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2627. PoCs published by Mario Ceballos.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Scrutinizer 9.5.0 due to insufficient input sanitization. The PoC shows a successful upload of a file named 'trustwave.txt' via a POST request to '/d4d/uploader.php'.

Description

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mario Ceballos · textwebappsphp

https://www.exploit-db.com/exploits/37548

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Scrutinizer 9.5.0 due to insufficient input sanitization. The PoC shows a successful upload of a file named 'trustwave.txt' via a POST request to '/d4d/uploader.php'.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Scrutinizer 9.5.0

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

Broken Link x_refsource_misc

http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html

Scores

EPSS 0.0573

EPSS Percentile 92.1%

Details

Status published

Products (1)

sonicwall/scrutinizer < 9.5.0

Published Jul 31, 2012

Tracked Since Feb 18, 2026