CVE-2012-5223

vBSEO < 3.6.0 - Remote Code Execution via char_repl Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-5223. PoCs published by EgiX, including Metasploit module exploits/multi/http/vbseo_proc_deutf.

AI-analyzed exploit summary This Metasploit module exploits a PHP code injection vulnerability in vBSEO <= 3.6.0 via the 'char_repl' POST parameter, leveraging the 'e' modifier in preg_replace() to execute arbitrary code.

Description

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

Exploits (2)

exploitdb WORKING POC VERIFIED
by EgiX · rubywebappsphp
https://www.exploit-db.com/exploits/18424

This Metasploit module exploits a PHP code injection vulnerability in vBSEO <= 3.6.0 via the 'char_repl' POST parameter, leveraging the 'e' modifier in preg_replace() to execute arbitrary code.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: vBSEO <= 3.6.0
No auth needed
Prerequisites: Access to the target's vbseocp.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vbseo_proc_deutf.rb

This Metasploit module exploits a PHP code injection vulnerability in vBSEO's 'proc_deutf()' function via unsanitized input in the 'char_repl' POST parameter, leveraging the 'e' modifier in preg_replace(). It allows arbitrary code execution through base64-encoded payloads.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: vBSEO versions 3.6.0 and earlier
No auth needed
Prerequisites: Access to the target's vbseocp.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18424
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72689
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51647
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47699
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/78508

Scores

EPSS 0.4053
EPSS Percentile 98.5%

Details

CWE
CWE-94
Status published
Products (17)
crawlability/vbseo 2.0.0
crawlability/vbseo 2.1.0
crawlability/vbseo 2.1.1
crawlability/vbseo 2.2.0
crawlability/vbseo 2.3.0
crawlability/vbseo 2.4.0
crawlability/vbseo 2.4.5
crawlability/vbseo 3.0.0 (6 CPE variants)
crawlability/vbseo 3.1.0
crawlability/vbseo 3.2.0 (5 CPE variants)
... and 7 more
Published Oct 01, 2012
Tracked Since Feb 18, 2026