What is CVE-2013-10051?

CVE-2013-10051 is a vulnerability in Instantcms, classified under Eval Injection. Published 2025-08-01.

Is CVE-2013-10051 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Instantcms

CVE-2013-10051

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP e…

EPSS: 0.828 (99.3th percentile) — read the EPSS interpretation.

Affected products

Instantcms — versions 0

Weakness classification (CWE)

CWE-95 — Eval Injection

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/26622 (exploit)
packetstorm.news/files/id/122176 (exploit)
www.vulncheck.com/advisories/instantcms-remote-php-code-execution (third-party-advisory)

Frequently asked questions

What is CVE-2013-10051?: CVE-2013-10051 is a vulnerability in Instantcms, classified under Eval Injection. Published 2025-08-01.
Is CVE-2013-10051 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.