CVE-2012-6509

NetArt Media Car Portal 3.0 - Unauthenticated Arbitrary File Upload via Double Extension Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6509.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Car Portal CMS v3.0, including persistent XSS, CSRF, and arbitrary file upload flaws. It provides technical descriptions, affected modules, and proof-of-concept examples for each vulnerability.

Description

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/18801

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Car Portal CMS v3.0, including persistent XSS, CSRF, and arbitrary file upload flaws. It provides technical descriptions, affected modules, and proof-of-concept examples for each vulnerability.

Classification

Writeup 95%

Attack Type

Xss | Auth Bypass | Other

Complexity

Moderate

Reliability

Reliable

Target: Car Portal CMS v3.0

Auth required

Prerequisites: Access to vulnerable modules · Admin or user credentials for CSRF exploitation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53267

Exploit x_refsource_misc

http://packetstormsecurity.org/files/112226/Car-Portal-CMS-3.0-CSRF-XSS-Shell-Upload.html

Various Sources x_refsource_misc

http://www.vulnerability-lab.com/get_content.php?id=502

Scores

EPSS 0.0680

EPSS Percentile 93.2%

Details

Status published

Products (1)

netartmedia/car_portal 3.0

Published Jan 24, 2013

Tracked Since Feb 18, 2026