virus logo Intrusion Prevention

WordPress.Plugin.Advanced.Custom.Fields.Remote.File.Inclusion

description-logoDescription

This indicates an attack attempt to exploit a File Inclusion vulnerability in the WordPress blogging software plugin Advanced Custom Fields.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling crafted HTTP requests. A remote attacker can include arbitrary files and execute them within the context of the application via a crafted HTTP request.

affected-products-logoAffected Products

Advanced Custom Fields plug-in 3.5.1 and earlier versions.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 34350
Created Jan 29, 2013
Updated Apr 23, 2014
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app