CVE-2012-5224
vBadvanced CMPS < 3.2.2 - Remote Code Execution via pages[template] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-5224. PoCs published by PacketiK.
AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in vBadvanced CMPS by injecting malicious PHP code via the 'pages[template]' parameter. The PoC includes examples using both base64-encoded data and FTP URLs to execute arbitrary code.
Description
PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.
Exploits (1)
This exploit demonstrates a remote file inclusion vulnerability in vBadvanced CMPS by injecting malicious PHP code via the 'pages[template]' parameter. The PoC includes examples using both base64-encoded data and FTP URLs to execute arbitrary code.