CVE-2012-3814 – Font Uploader <= 1.3 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3814
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.3 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.

• https://www.exploit-db.com/exploits/18994
• http://osvdb.org/82657
• http://secunia.com/advisories/49327
• http://www.exploit-db.com/exploits/18994

• CWE-264: Permissions, Privileges, and Access Controls
• CWE-434: Unrestricted Upload of File with Dangerous Type
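A server-side check that refuses the .php.ttf upload described above, as an added example (not the plugin's code or its actual fix). The function name validate_font_upload, the ttf/otf allow-list and the randomly generated stored name are assumptions.

```php
<?php
// Added example: font upload validation. Not taken from the Font Uploader plugin.
// ALLOWED_FONT_EXT and validate_font_upload() are hypothetical names.
const ALLOWED_FONT_EXT = ['ttf', 'otf'];

/** Returns a server-chosen filename for an accepted font, or null to reject. */
function validate_font_upload(string $clientName, string $tmpPath): ?string
{
    // Drop any directory component the client supplied.
    $base = basename(str_replace('\\', '/', $clientName));

    // Require exactly "stem.ext". "shell.php.ttf" splits into three parts and
    // is rejected here even though its last extension is on the allow-list.
    $parts = explode('.', $base);
    if (count($parts) !== 2) {
        return null;
    }
    [$stem, $ext] = $parts;
    $ext = strtolower($ext);
    if (!in_array($ext, ALLOWED_FONT_EXT, true)
        || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $stem)) {
        return null;
    }

    // Content check: sfnt signature (TrueType 0x00010000 or 'true', OpenType 'OTTO').
    $fh = @fopen($tmpPath, 'rb');
    if ($fh === false) {
        return null;
    }
    $magic = fread($fh, 4);
    fclose($fh);
    if (!in_array($magic, ["\x00\x01\x00\x00", 'true', 'OTTO'], true)) {
        return null;
    }

    // Store under a generated name so the client never controls the final path.
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

// Constructed sample uploads: one non-font payload, one file with a TrueType header.
$notFont = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($notFont, 'not a font');
$font = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($font, "\x00\x01\x00\x00" . str_repeat("\x00", 8));

var_dump(validate_font_upload('shell.php.ttf', $font));  // double extension
var_dump(validate_font_upload('shell.ttf', $notFont));   // wrong signature
var_dump(validate_font_upload('MyFont.ttf', $font));     // accepted
unlink($notFont);
unlink($font);
```

The signature check alone does not rule out a file that is both a valid font header and script text; the single-extension rule and the generated stored name are what keep a .php segment out of the fonts directory.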