CVE-2012-10025

The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host.

CVSS

No CVSS.

References

Link	Resource
http://web.archive.org/web/20121223025326/http://secunia.com:80/advisories/51037
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb
https://wordpress.org/plugins/advanced-custom-fields/
https://wpscan.com/vulnerability/d132d93b-509c-490d-8001-87147ed28c5e/
https://www.exploit-db.com/exploits/23856
https://www.tenable.com/plugins/nessus/63326
https://www.vulncheck.com/advisories/wordpress-plugin-advanced-custom-fields-remote-file-inclusion
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-custom-fields/advanced-custom-fields-351-remote-code-execution-via-remote-file-inclusion
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb
https://www.exploit-db.com/exploits/23856

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-05 20:15

Updated : 2025-08-07 16:15

NVD link : CVE-2012-10025

Mitre link : CVE-2012-10025

CVE.ORG link : CVE-2012-10025

JSON object : View

Products Affected

No product.

CWE

CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

{"id": "CVE-2012-10025", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T20:15:33.193", "references": [{"url": "http://web.archive.org/web/20121223025326/http://secunia.com:80/advisories/51037", "source": "[email protected]"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb", "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/advanced-custom-fields/", "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/d132d93b-509c-490d-8001-87147ed28c5e/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/23856", "source": "[email protected]"}, {"url": "https://www.tenable.com/plugins/nessus/63326", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/wordpress-plugin-advanced-custom-fields-remote-file-inclusion", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-custom-fields/advanced-custom-fields-351-remote-code-execution-via-remote-file-inclusion", "source": "[email protected]"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/23856", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-98"}]}], "descriptions": [{"lang": "en", "value": "The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server\u2019s context, allowing full compromise of the host."}, {"lang": "es", "value": "El complemento Advanced Custom Fields (ACF) para Wordpress versi\u00f3n 3.5.1 y anteriores, contiene una vulnerabilidad de inclusi\u00f3n remota de archivos (RFI) en core/actions/export.php. Cuando la directiva de configuraci\u00f3n de PHP allow_url_include est\u00e1 habilitada (desactivada por defecto), un atacante no autenticado puede explotar el par\u00e1metro POST acf_abspath para incluir y ejecutar c\u00f3digo PHP remoto arbitrario. Esto provoca la ejecuci\u00f3n remota de c\u00f3digo en el contexto del servidor web, lo que permite la vulneraci\u00f3n total del host."}], "lastModified": "2025-08-07T16:15:28.213", "sourceIdentifier": "[email protected]"}