CVE-2012-3814

Pippin Williamson Font Uploader - Access Control

Title source: rule

Description

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sammy FORGIT · phpwebappsphp

https://www.exploit-db.com/exploits/18994

View Code ZIP pw:eip

References (3)

[Exploit] http://www.exploit-db.com/exploits/18994

[Third Party Advisory, VDB Entry] http://osvdb.org/82657

[Third Party Advisory] http://secunia.com/advisories/49327

Scores

EPSS 0.1067

EPSS Percentile 93.3%

Details

CWE

CWE-264

Status published

Products (1)

pippin_williamson/font_uploader 1.2.4

Published Jun 27, 2012

Tracked Since Feb 18, 2026