CVE-2012-10056
PHP Volunteer Management System 1.0.2 Arbitrary File Upload
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.
| CWE | CWE-434 |
| Vendor | php volunteer management |
| Product | php volunteer management |
| Published | Aug 13, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for php volunteer management php volunteer management
Be the first to know when new unknown vulnerabilities affecting php volunteer management php volunteer management are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
PHP Volunteer Management / PHP Volunteer Management
1.0.2
References
sourceforge.net: https://sourceforge.net/projects/phpvolunteer/ raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/php_volunteer_upload_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/18941 exploit-db.com: https://www.exploit-db.com/exploits/18957 vulncheck.com: https://www.vulncheck.com/advisories/php-volunteer-management-system-arbitrary-file-upload
Credits
Ashoo