CVE-2013-10051 – InstantCMS PHP Code Execution Vulnerability

CVE ID : CVE-2013-10051

Published : Aug. 1, 2025, 9:15 p.m. | 22 minutes ago

Description : A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…