CVE-2012-2688

EXPLOITED

PHP <5.3.15, <5.4.5 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2012-2688 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including shelld3v.

AI-analyzed exploit summary This Python script exploits CVE-2012-2688, a remote code execution vulnerability in PHP's query string parameter handling. It leverages PHP's allow_url_include and auto_prepend_file directives to execute arbitrary commands via a crafted POST request.

Description

Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."

Exploits (2)

nomisec WORKING POC 5 stars
by shelld3v · remote
https://github.com/shelld3v/CVE-2012-2688

This Python script exploits CVE-2012-2688, a remote code execution vulnerability in PHP's query string parameter handling. It leverages PHP's allow_url_include and auto_prepend_file directives to execute arbitrary commands via a crafted POST request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: PHP (versions before 5.3.15 and 5.4.5)
No auth needed
Prerequisites: PHP with allow_url_include and auto_prepend_file directives enabled · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WORKING POC
remote
https://github.com/Luth1er/CVE-2017-18345-COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD

This repository contains a functional Python exploit for CVE-2017-18345, targeting an arbitrary file download vulnerability in the Joomanager component for Joomla. The script automates the exploitation process by sending crafted HTTP requests to download sensitive files like configuration.php.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Joomla with Joomanager component
No auth needed
Prerequisites: target URL with vulnerable Joomanager component
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (14)

Core 14
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1307.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55078
Various Sources vendor-advisory x_refsource_suse
https://hermes.opensuse.org/messages/15376003
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2527
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027287
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54638
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5501
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77155
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:108
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1569-1

Scores

EPSS 0.3268
EPSS Percentile 97.0%

Details

VulnCheck KEV 2012-06-19
Status published
Products (46)
php/php 1.0
php/php 2.0
php/php 2.0b10
php/php 3.0
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
... and 36 more
Published Jul 20, 2012
Tracked Since Feb 18, 2026