CVE-2012-5190

CRITICAL

Prizm Content Connect 5.1 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5190. PoCs published by Include Security Research.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Prizm Content Connect, allowing an attacker to upload and execute an ASPX shell by manipulating the 'document' parameter. The PoC shows how the server discloses the uploaded file path, enabling remote code execution.

Description

Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability

Exploits (1)

exploitdb WORKING POC VERIFIED

by Include Security Research · textwebappsphp

https://www.exploit-db.com/exploits/38204

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Prizm Content Connect, allowing an attacker to upload and execute an ASPX shell by manipulating the 'document' parameter. The PoC shows how the server discloses the uploaded file path, enabling remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Prizm Content Connect 5.1

No auth needed

Prerequisites: Network access to the target server · Ability to host a malicious ASPX file on an attacker-controlled server

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/57242

VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/81163

Scores

CVSS v3 9.8

EPSS 0.1075

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

accusoft/prizm_content_connect 5.1

Published Jan 21, 2020

Tracked Since Feb 18, 2026