CVE Alert

CVE-2012-10045

UNKNOWN 0.0

XODA 0.4.5 Arbitrary PHP File Upload

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
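A defender-side check for the pattern described above, as an added example that is not part of the original advisory or of XODA: it scans web-server access logs for successful GET requests to PHP-type files under files/ and notes whether the same client sent a POST shortly before. The combined log format, the extension list, the 10-minute window and the /xoda/ install path in the sample are assumptions.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: extensions this server hands to the PHP interpreter.
SCRIPT_IN_FILES = re.compile(
    r'/files/[^?]*\.(?:php\d?|phtml|phar)(?:[/?]|$)', re.I)
WINDOW = timedelta(minutes=10)  # assumed POST-to-GET correlation window


def find_script_hits(lines):
    """Flag successful GETs for PHP-type files under files/ and note
    whether the same client made a successful POST shortly before."""
    last_post = {}  # client IP -> time of its latest successful POST
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        ip, status = m['ip'], int(m['status'])
        if m['method'] == 'POST' and status < 400:
            last_post[ip] = ts
        elif (m['method'] == 'GET' and status == 200
              and SCRIPT_IN_FILES.search(m['path'])):
            prior = last_post.get(ip)
            findings.append({
                'ip': ip, 'path': m['path'], 'time': ts.isoformat(),
                'preceded_by_post': prior is not None
                                    and ts - prior <= WINDOW,
            })
    return findings


# Constructed sample lines (documentation IPs, hypothetical /xoda/ path).
SAMPLE = [
    '198.51.100.7 - - [08/Aug/2025:10:00:01 +0000] "POST /xoda/ HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [08/Aug/2025:10:00:05 +0000] "GET /xoda/files/a1b2.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.9 - - [08/Aug/2025:10:05:00 +0000] "GET /xoda/files/report.pdf HTTP/1.1" 200 9000 "-" "-"',
    '203.0.113.9 - - [08/Aug/2025:10:06:00 +0000] "GET /xoda/files/old.php HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.44 - - [08/Aug/2025:11:30:00 +0000] "GET /xoda/files/tool.phtml?x=1 HTTP/1.1" 200 12 "-" "-"',
]

if __name__ == '__main__':
    for hit in find_script_hits(SAMPLE):
        print(hit)
```

A hit with `preceded_by_post` set is the upload-then-execute sequence from the description; a hit without it still shows a script being served from the upload directory and warrants review of that file.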

CWE: CWE-434
Vendor: xoda
Product: xoda
Published: Aug 8, 2025
Last Updated: Apr 7, 2026

Affected Versions

XODA / XODA
0.4.5

References

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/xoda_file_upload.rb
exploit-db.com: https://www.exploit-db.com/exploits/20703
exploit-db.com: https://www.exploit-db.com/exploits/20713
xoda.org: https://xoda.org/
sourceforge.net: https://sourceforge.net/projects/xoda/
vulncheck.com: https://www.vulncheck.com/advisories/xoda-arbitrary-php-file-upload

Credits

Shai rod