CVE-2012-1153

medium

Published 2012-10-06 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
apprain	apprain	`{"endIncluding":"0.1.5"}`
apprain	apprain	`0.1.0`
apprain	apprain	`0.1.1`
apprain	apprain	`0.1.2`
apprain	apprain	`0.1.3`
apprain	apprain	`0.1.4`

References

http://archives.neohapsis.com/archives/bugtraq/2012-01/0128.html
http://www.exploit-db.com/exploits/18392
http://www.exploit-db.com/exploits/18922
http://www.openwall.com/lists/oss-security/2012/03/09/5
http://www.openwall.com/lists/oss-security/2012/03/10/5
http://www.osvdb.org/78473
http://www.securityfocus.com/bid/51576
https://exchange.xforce.ibmcloud.com/vulnerabilities/72466
http://archives.neohapsis.com/archives/bugtraq/2012-01/0128.html
http://www.exploit-db.com/exploits/18392
http://www.exploit-db.com/exploits/18922
http://www.openwall.com/lists/oss-security/2012/03/09/5
http://www.openwall.com/lists/oss-security/2012/03/10/5
http://www.osvdb.org/78473
http://www.securityfocus.com/bid/51576
https://exchange.xforce.ibmcloud.com/vulnerabilities/72466

Verify integrity in audit chain (admin only). AS-IS.