actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-02-07T21:00:00

Updated: 2024-08-06T18:45:26.571Z

Reserved: 2012-02-07T00:00:00

Link: CVE-2012-1011

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-02-07T21:55:04.297

Modified: 2017-08-29T01:31:09.273

Link: CVE-2012-1011

cve-icon Redhat

No data.