Vulnerability Description
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pippin Williamson | Font Uploader | 1.2.4 |
| WordPress | WordPress | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/82657
- http://secunia.com/advisories/49327
- http://www.exploit-db.com/exploits/18994 (Exploit)
FAQ
What is CVE-2012-3814?
CVE-2012-3814 is a vulnerability with a CVSS score of 7.5 (HIGH). Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf ...
How severe is CVE-2012-3814?
CVE-2012-3814 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-3814?
Check the references section above for vendor advisories and patch information. Affected products include: Pippin Williamson Font Uploader, WordPress WordPress.