Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

CVE
CVEadded 2025/08/05 8:3 p.m.16 views

CVE-2012-10033

Narcissus (backend.php) Image Configuration Command Injection is CVE-2012-10033. The flaw: release parameter is not sanitized before passing to configure_image(), which invokes PHP passthru() with the unsanitized input. This enables remote code execution via a crafted POST request under the web s...

9.3CVSS7.5AI score0.01137EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2025/08/05 8:3 p.m.3 views

CVE-2012-10033 Narcissus backend.php Image Configuration Command Injection

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...

9.3CVSS7.4AI score0.01137EPSS
Exploits0References5
Rows per page
Query Builder