CVE-2012-10033

critical

Description

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.

References

https://www.vulncheck.com/advisories/narcissus-image-config-command-injection

https://www.exploit-db.com/exploits/22856

https://www.exploit-db.com/exploits/22709

https://web.archive.org/web/20101127002623/https://narcissus.angstrom-distribution.org/

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/narcissus_backend_exec.rb

Details

Source: Mitre, NVD

Published: 2025-08-05

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.01137