What is CVE-2012-10037?

CVE-2012-10037 is a vulnerability in Phptax, classified under OS Command Injection. Published 2025-08-11.

Is CVE-2012-10037 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Phptax

CVE-2012-10037

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.626 (98.4th percentile) — read the EPSS interpretation.

Affected products

Phptax — versions 0.8

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
www.exploit-db.com/exploits/21665 (exploit)
www.exploit-db.com/exploits/21833 (exploit)
sourceforge.net/projects/phptax/ (product)

Frequently asked questions

What is CVE-2012-10037?: CVE-2012-10037 is a vulnerability in Phptax, classified under OS Command Injection. Published 2025-08-11.
Is CVE-2012-10037 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.