actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-02-07T21:00:00
Updated: 2024-08-06T18:45:26.571Z
Reserved: 2012-02-07T00:00:00
Link: CVE-2012-1011
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-02-07T21:55:04.297
Modified: 2024-11-21T01:36:11.613
Link: CVE-2012-1011
Redhat
No data.