CVE-2012-10044
MobileCartly 1.0 savepage.php Arbitrary File Creation
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php that specify both the filename and the content. This permits arbitrary file creation within the pages/ directory or any writable path on the server, enabling remote code execution.
| CWE | CWE-434 |
| Vendor | mobilecartly |
| Product | mobilecartly |
| Published | Aug 8, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
MobileCartly / MobileCartly
1.0
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/mobilecartly_upload_exec.rb
exploit-db.com: https://www.exploit-db.com/exploits/20422
exploit-db.com: https://www.exploit-db.com/exploits/21079
web.archive.org: https://web.archive.org/web/20120919081957/http://mobilecartly.com/
vulncheck.com: https://www.vulncheck.com/advisories/mobilecartly-arbitrary-file-creation
Credits
Yakir Wizman