CVE-2012-3814

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:pippin_williamson:font_uploader:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

Information

Published : 2012-06-27 14:55

Updated : 2012-06-27 21:00


NVD link : CVE-2012-3814

Mitre link : CVE-2012-3814


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

pippin_williamson

  • font_uploader

wordpress

  • wordpress