CVE-2012-10026
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-08-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | asset-manager | 2.0 |
| wordpress | asset-manager | 0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the WordPress plugin Asset-Manager version 2.0 and below, where the upload.php file does not properly validate or restrict the types of files that can be uploaded. This allows an unauthenticated remote attacker to upload malicious PHP scripts to a predictable temporary directory. The attacker can then execute these scripts by sending a direct HTTP GET request, resulting in remote code execution with the web server's privileges.
How can this vulnerability impact me? :
This vulnerability can lead to remote code execution on the affected web server, allowing attackers to run arbitrary code. This can result in full compromise of the server, unauthorized access to sensitive data, defacement of the website, installation of malware, or use of the server as a launch point for further attacks.