Lucene search

[email protected]CVE-2012-3814

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-3814

2022-10-0316:15:23

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-3814

font-upload.php

font uploader plugin

wordpress

file upload vulnerability

php code execution

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.

Affected configurations

NVD

Node

pippin_williamsonfont_uploaderMatch1.2.4

AND

wordpresswordpressMatch-

CPENameOperatorVersion
pippin_williamson:font_uploaderpippin williamson font uploadereq1.2.4

CPE	Name	Operator	Version
pippin_williamson:font_uploader	pippin williamson font uploader	eq	1.2.4

References

osvdb.org/82657

secunia.com/advisories/49327

www.exploit-db.com/exploits/18994

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2012-3814

patchstack1 cvelist1 wpvulndb1 prion1 checkpoint_advisories1 nvd1