What is CVE-2012-10042?

CVE-2012-10042 is a vulnerability in Sflog! Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.

Is CVE-2012-10042 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Sflog! Cms

CVE-2012-10042

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The…

Vulnerability class: Unrestricted File Upload

EPSS: 0.670 (98.6th percentile) — read the EPSS interpretation.

Affected products

Sflog! Cms — versions 1.0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
www.exploit-db.com/exploits/19626 (exploit)
sourceforge.net/projects/sflog/ (product)
www.vulncheck.com/advisories/sflog-cms-arbitrary-file-upload-rce (third-party-advisory)

Frequently asked questions

What is CVE-2012-10042?: CVE-2012-10042 is a vulnerability in Sflog! Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.
Is CVE-2012-10042 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.