| Vulnerability Name: | CVE-2012-3814 (CCN-76122) | ||||||||
| Assigned: | 2012-06-01 | ||||||||
| Published: | 2012-06-01 | ||||||||
| Updated: | 2012-06-28 | ||||||||
| Summary: | Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. | ||||||||
| CVSS v3 Severity: | 4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-3814 Source: OSVDB Type: UNKNOWN 82657 Source: CCN Type: Packetstorm Security Website WordPress Font Uploader 1.2.4 Shell Upload Source: CCN Type: SA49327 Wordpress Font Uploader Plugin Arbitrary File Upload Vulnerability Source: SECUNIA Type: UNKNOWN 49327 Source: CCN Type: Font Uploader Web Site WordPress WordPress Font Uploader « WordPress Plugins Source: EXPLOIT-DB Type: Exploit 18994 Source: CCN Type: OSVDB ID: 82657 Font Uploader Plugin for WordPress wp-content/plugins/font-uploader/font-upload.php File Upload PHP Code Execution Source: CCN Type: BID-53853 WordPress Font Uploader Plugin 'font-upload.php' Arbitrary File Upload Vulnerability Source: XF Type: UNKNOWN fontuploader-fontupload-file-upload(76122) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||