Arbitrary file upload in Xoda

CVE-2012-10045

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict u…

Vulnerability class: Unrestricted File Upload

EPSS: 0.817 (99.2th percentile)

Affected products

  • Xoda: version 0.4.5

Frequently asked questions

What is CVE-2012-10045?
CVE-2012-10045 is a vulnerability in Xoda, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.

Is CVE-2012-10045 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.