CVE-2012-3578

CVE Database · CVE-2012-3578

CVE-2012-3578

· N/AModified

CVSS v3.1

N/A

EPSS

7.69%

Published

Jun 17, 2012

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBWordPress Plugin FCChat Widget 2.2.x - 'upload.php' Arbitrary File Upload TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.

Weaknesses (CWE)

CWE-264

Affected Products (2)

wordpress · fcchat_widgetvulnerable

wordpress · wordpress

References (10)

http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html

Exploit

http://secunia.com/advisories/49419

Vendor Advisory

http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html

Exploit