actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-02-07T21:00:00
Updated: 2024-08-06T18:45:26.571Z
Reserved: 2012-02-07T00:00:00
Link: CVE-2012-1011
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-02-07T21:55:04.297
Modified: 2017-08-29T01:31:09.273
Link: CVE-2012-1011
Redhat
No data.