cbcvebase.
CVE-2012-1205
published 2012-02-24

CVE-2012-1205: PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary…

PriorityP262high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
24.91%
97.6th percentile
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Affected

3 ranges
VendorProductVersion rangeFixed in
alanftrelocate-upload<= 0.14
alanftrelocate-upload
alanftrelocate-upload

Detection & IOCsextracted from sources · hover to see the quote

path/wp-content/plugins/relocate-upload/relocate-upload.php
filenamerelocate-upload.php
  • Detect GET requests to relocate-upload.php containing both 'ru_folder' and 'abspath' parameters, where 'abspath' contains a URL (remote file inclusion attempt).
  • The vulnerable code passes the 'abspath' GET parameter directly into require_once() after urldecode(), allowing arbitrary remote PHP file inclusion. Monitor for HTTP requests where 'abspath' contains 'http://' or 'https://' schemes.
  • Use the Google dork 'inurl:wp-content/plugins/relocate-upload' to identify exposed vulnerable WordPress installations.
  • ·Vulnerability affects Relocate Upload plugin versions before 0.20; version 0.14 was confirmed tested by the researcher.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.