Vulnerability Report

CVE-2012-3578

RCE

Title: Wordpress Fcchat Widget RCE

RCE

Proof Of Concept

PoC Available for CVE-2012-3578

CWE Category CWE-264
Published Date Jun 17, 2012
Modified Date Apr 29, 2026
Exploit Status Available
Score 6.8 CVSS v2.0
Exploit Probability (EPSS)
14.40%

Vulnerability Summary

CVE-2012-3578: Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.

Impacted Vendors

W
wordpress 2

Reference Links

http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html http://secunia.com/advisories/49419 http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html http://www.securityfocus.com/bid/53855 https://exchange.xforce.ibmcloud.com/vulnerabilities/76123 http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html http://secunia.com/advisories/49419 http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html http://www.securityfocus.com/bid/53855 https://exchange.xforce.ibmcloud.com/vulnerabilities/76123
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
6.8
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2012-3578 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/37370
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.