6.8
CVE-2012-3578
- EPSS 7.69%
- Veröffentlicht 17.06.2012 03:41:42
- Zuletzt bearbeitet 16.06.2026 23:43:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
FCChat Widget < 2.2.13.7 - Arbitrary File Upload
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
Mögliche Gegenmaßnahme
FCChat Widget: Update to version 2.2.13.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wordpress ≫ Fcchat Widget Version <= 2.2.13.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
FCChat Widget
Version
[*, 2.2.13.7)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.69% | 0.938 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html
http://secunia.com/advisories/49419
http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html
http://www.securityfocus.com/bid/53855
https://exchange.xforce.ibmcloud.com/vulnerabilities/76123
https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e849fb-76e0-427a-8e05-d340add1c150