CVE-2012-1010

Currently unrated

Key Information:

Vendor: Wordpress
Status: Allwebmenus Plugin
Vendor: CVE Published:; 7 February 2012

Summary

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

References

http://www.exploit-db.com/exploits/18407

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/51615

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/72640

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 7, 2012
Vulnerability Reserved
Feb 7, 2012