What is CVE-2012-10036?

CVE-2012-10036 is a vulnerability in Projectpier, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.

Is CVE-2012-10036 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Projectpier

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload mali…

Vulnerability class: Unrestricted File Upload

EPSS: 0.816 (99.2th percentile) — read the EPSS interpretation.

Affected products

Projectpier — versions 0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/21929 (exploit)
packetstorm.news/files/id/117070 (exploit)
web.archive.org/web/20120111090432/http://www.projectpier.org/ (product)
www.opensourcecms.com/projectpier/ (product)
www.vulncheck.com/advisories/project-pier-arbitrary-file-upload-rce (third-party-advisory)

Frequently asked questions

What is CVE-2012-10036?: CVE-2012-10036 is a vulnerability in Projectpier, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.
Is CVE-2012-10036 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.