Unrestricted File Upload Vulnerabilities in WP Symposium Plugin by WordPress
CVE-2011-5051

Currently unrated

Key Information:

Vendor

Wordpress
Status
WP Symposium
Vendor
CVE Published:
4 January 2012

What is CVE-2011-5051?

The WP Symposium plugin for WordPress prior to version 11.12.24 is susceptible to multiple unrestricted file upload vulnerabilities. These flaws allow remote attackers to upload malicious files with executable extensions through specific endpoints, namely uploadify/upload_admin_avatar.php and uploadify/upload_profile_avatar.php. Attackers can then access the uploaded files directly via requests to these files, leading to potential arbitrary code execution within an unspecified directory of the webroot. This presents significant security risks for WordPress users relying on the WP Symposium plugin.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://osvdb.org/78041
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/46097
third-party-advisoryx_refsource_SECUNIA
https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.