CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-3814

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.083

EPSS Ranking 91.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://osvdb.org/82657
http://secunia.com/advisories/49327
http://www.exploit-db.com/exploits/18994
http://osvdb.org/82657
http://secunia.com/advisories/49327
http://www.exploit-db.com/exploits/18994

Products affected by CVE-2012-3814

Pippin Williamson » Font Uploader » Version: 1.2.4

cpe:2.3:a:pippin_williamson:font_uploader:1.2.4
Wordpress » Wordpress » Version: N/A

cpe:2.3:a:wordpress:wordpress:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3814

Products

Pricing

Contact Us