Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-06-27 14:55
Updated : 2012-06-27 21:00
NVD link : CVE-2012-3814
Mitre link : CVE-2012-3814
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
pippin_williamson
- font_uploader
wordpress
- wordpress