CVE-2012-10049 (GCVE-0-2012-10049)

Vulnerability from cvelistv5 – Published: 2025-08-08 18:13 – Updated: 2025-08-08 18:44
VLAI?
Title
WebPageTest Arbitrary PHP File Upload RCE
Summary
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
Severity ?
9.3 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Vendor Product Version
WPO Foundation WebPageTest Affected: * , ≤ 2.6 (semver)
Create a notification for this product.
Credits
dun
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2012-10049",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-08T18:44:45.941355Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-08T18:44:49.016Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/20173"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/19790"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/webpagetest_upload_exec.rb"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "/work/resultimage.php"
          ],
          "product": "WebPageTest",
          "vendor": "WPO Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.6",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "dun"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the \u003ccode\u003eresultimage.php\u003c/code\u003e script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.\u003c/p\u003e"
            }
          ],
          "value": "WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-08T18:13:47.402Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/webpagetest_upload_exec.rb"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/19790"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/20173"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26148"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/catchpoint/WebPageTest"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/webpagetest-arbitrary-php-file-upload-rce"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "WebPageTest Arbitrary PHP File Upload RCE",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2012-10049",
    "datePublished": "2025-08-08T18:13:47.402Z",
    "dateReserved": "2025-08-08T16:06:25.404Z",
    "dateUpdated": "2025-08-08T18:44:49.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-10049\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-08-08T19:15:35.040\",\"lastModified\":\"2025-08-08T20:30:18.180\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.\"},{\"lang\":\"es\",\"value\":\"WebPageTest versi\u00f3n 2.6 y anteriores contienen una vulnerabilidad de carga de archivos arbitrarios en el script resultimage.php. La aplicaci\u00f3n no valida ni depura la informaci\u00f3n proporcionada por el usuario antes de guardar los archivos subidos en un directorio de acceso p\u00fablico. Esta falla permite a atacantes remotos cargar y ejecutar c\u00f3digo PHP arbitrario, lo que resulta en la ejecuci\u00f3n completa del c\u00f3digo remoto en el contexto del servidor web.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://github.com/catchpoint/WebPageTest\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/webpagetest_upload_exec.rb\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26148\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/19790\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/20173\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/webpagetest-arbitrary-php-file-upload-rce\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/webpagetest_upload_exec.rb\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"},{\"url\":\"https://www.exploit-db.com/exploits/19790\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"},{\"url\":\"https://www.exploit-db.com/exploits/20173\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2012-10049\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-08T18:44:45.941355Z\"}}}], \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/20173\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/19790\", \"tags\": [\"exploit\"]}, {\"url\": \"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/webpagetest_upload_exec.rb\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-08T18:44:38.305Z\"}}], \"cna\": {\"title\": \"WebPageTest Arbitrary PHP File Upload RCE\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"dun\"}], \"impacts\": [{\"capecId\": \"CAPEC-242\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-242 Code Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WPO Foundation\", \"modules\": [\"/work/resultimage.php\"], \"product\": \"WebPageTest\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.6\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/webpagetest_upload_exec.rb\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/19790\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/20173\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26148\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/catchpoint/WebPageTest\", \"tags\": [\"product\"]}, {\"url\": \"https://www.vulncheck.com/advisories/webpagetest-arbitrary-php-file-upload-rce\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eWebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the \u003ccode\u003eresultimage.php\u003c/code\u003e script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-08-08T18:13:47.402Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2012-10049\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-08T18:44:49.016Z\", \"dateReserved\": \"2025-08-08T16:06:25.404Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-08-08T18:13:47.402Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.