๐Ÿ” CVE Alert

CVE-2012-10042

UNKNOWN 0.0

Sflog! CMS 1.0 Arbitrary File Upload RCE

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.

CWE CWE-434
Vendor sflog!
Product sflog! cms
Published Aug 8, 2025
Last Updated Apr 7, 2026

Affected Versions

Sflog! / Sflog! CMS
1.0

References

NVD, CVE.org, EPSS Data
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/sflog_upload_exec.rb
exploit-db.com: https://www.exploit-db.com/exploits/19626
sourceforge.net: https://sourceforge.net/projects/sflog/
vulncheck.com: https://www.vulncheck.com/advisories/sflog-cms-arbitrary-file-upload-rce

Credits

dun