{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87421?format=json","vulnerability_id":"VCID-x1zn-fap4-u7ee","summary":"PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.","aliases":[{"alias":"CVE-2012-10037"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-10037","reference_id":"","reference_type":"","scores":[{"value":"0.75135","scoring_system":"epss","scoring_elements":"0.98897","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-10037"},{"reference_url":"https://www.exploit-db.com/exploits/21665","reference_id":"21665","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-11T15:50:35Z/"}],"url":"https://www.exploit-db.com/exploits/21665"},{"reference_url":"https://www.exploit-db.com/exploits/21833","reference_id":"21833","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-11T15:50:35Z/"}],"url":"https://www.exploit-db.com/exploits/21833"},{"reference_url":"https://sourceforge.net/projects/phptax/","reference_id":"phptax","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-11T15:50:35Z/"}],"url":"https://sourceforge.net/projects/phptax/"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phptax_exec.rb","reference_id":"phptax_exec.rb","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-11T15:50:35Z/"}],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phptax_exec.rb"}],"weaknesses":[{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."}],"exploits":[{"date_added":null,"description":"This module exploits a vulnerability found in PhpTax, an income tax report\n          generator.  When generating a PDF, the icondrawpng() function in drawimage.php\n          does not properly handle the pfilez parameter, which will be used in an exec()\n          statement, and then results in arbitrary remote code execution under the context\n          of the web server.  Please note: authentication is not required to exploit this\n          vulnerability.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2012-10-08","exploit_type":null,"platform":"Linux,Unix","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/phptax_exec.rb"}],"severity_range_score":"9.3 - 9.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1zn-fap4-u7ee"}