
Description

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret), and any authenticated user can upload files via manage.php. The upload handler does not validate the type or extension of the uploaded file, so an attacker can place a PHP backdoor in the web-accessible directory blogs/download/uploads/. Requesting the uploaded file then executes it under the web server's PHP interpreter, giving remote code execution as the web server user.
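The CWE-434 gap above is a missing validation step, and the fix is a policy, not a patch to one line. The following is an added example written for this record; it is not Sflog's code and does not reproduce manage.php. It models the vulnerable decision (accept any name) beside a hardened one (extension allowlist, rejection of executable extensions in any position, magic-byte check, random stored name). The allowlist, the executable-extension set, the magic-byte table and the sample uploads are assumptions constructed for illustration, chosen to cover the bypasses a practitioner would test for (double extensions, case changes, traversal in the name, script tags inside "text" or "image" files).

```python
"""Upload checks modelling the CWE-434 gap described for Sflog! CMS 1.0.

Added example, not Sflog's code. The allowlist, executable-extension set,
magic-byte table and SAMPLES are assumptions for illustration only.
"""
import secrets

# Extensions a blog upload endpoint legitimately needs (assumed).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Extensions commonly mapped to the PHP handler (assumed list). Any occurrence
# anywhere in the name is rejected, which also covers shell.php.jpg.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "pht"}

# Leading bytes expected for the allowed binary types (assumed table).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def vulnerable_accept(filename):
    """Models the behaviour the record describes: any non-empty name is stored
    as-is under a web-accessible directory, so shell.php is served and executed."""
    return bool(filename)


def hardened_accept(filename, content):
    """Return (accepted, extension_or_reason).

    Rejects path separators and NUL bytes, dotfiles (.htaccess), executable
    extensions in any position, non-allowlisted extensions, binary content whose
    magic bytes disagree with the extension, and text carrying a PHP open tag."""
    if not filename or "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "empty name, NUL, or path separator"
    if filename.startswith("."):
        return False, "dotfile"
    parts = filename.lower().split(".")  # lowercase defeats Shell.PHP / .PHTML
    if len(parts) < 2 or not all(parts):
        return False, "missing or empty extension"
    exts = parts[1:]
    if EXECUTABLE_EXTENSIONS & set(exts):
        return False, "executable extension"
    ext = exts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowlisted"
    if ext in MAGIC:
        if not any(content.startswith(sig) for sig in MAGIC[ext]):
            return False, "content does not match extension"
    elif b"<?" in content:  # txt/pdf-less text types: refuse embedded PHP tags
        return False, "script open tag in text upload"
    return True, ext


def stored_name(ext):
    """Never keep the client-supplied name: random name plus the validated extension."""
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed samples (not real uploads) showing where the two policies differ.
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("shell.php", b"<?php system($_GET['cmd']); ?>"),
    ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
    ("Shell.PHTML", b"<?php echo 1; ?>"),
    ("../../manage.php", b"<?php"),
    ("fake.png", b"<?php phpinfo(); ?>"),
    ("notes.txt", b"<?php passthru('id'); ?>"),
    ("readme.txt", b"plain text"),
]


def compare_policies(samples=SAMPLES):
    """Return {name: (vulnerable_result, hardened_result)} for the samples."""
    return {n: (vulnerable_accept(n), hardened_accept(n, c)[0]) for n, c in samples}


if __name__ == "__main__":
    for name, (vuln, hard) in compare_policies().items():
        print(f"{name:20} vulnerable={vuln!s:5} hardened={hard}")
```

Validation alone is not the whole fix for this class of bug: the record's impact depends on blogs/download/uploads/ being both web-accessible and handled by the PHP engine. Store uploads outside the document root, or configure the web server so nothing under the upload directory is passed to PHP, and rotate the default admin:secret credentials, since the CVSS vector (PR:L) assumes the attacker already has a login.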

PUBLISHED Reserved 2025-08-07 | Published 2025-08-08 | Updated 2026-04-07 | Assigner VulnCheck

HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status: unknown

Version 1.0: affected

Credits

dun finder

References

www.exploit-db.com/exploits/19626 exploit

raw.githubusercontent.com/...multi/http/sflog_upload_exec.rb exploit

sourceforge.net/projects/sflog/ product

www.vulncheck.com/...ies/sflog-cms-arbitrary-file-upload-rce third-party-advisory

cve.org (CVE-2012-10042)

nvd.nist.gov (CVE-2012-10042)