PT-2025-31985 · Narcissus · Narcissus
Published
2025-08-05
·
Updated
2025-08-05
·
CVE-2012-10033
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Narcissus (affected versions not specified)
Description
Narcissus is vulnerable to remote code execution due to improper input handling in its image configuration workflow. The
backend.php script fails to sanitize the release parameter before passing it to the configure image() function. This function invokes the PHP passthru() function with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Narcissus