CVE-2012-1011

Currently unrated

Key Information:

Vendor: Wordpress
Status: Allwebmenus Plugin
Vendor: CVE Published:; 7 February 2012

Summary

actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

References

http://www.exploit-db.com/exploits/18407

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/51615

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/72640

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 7, 2012
Vulnerability Reserved
Feb 7, 2012