7.5
CVE-2011-5051
- EPSS 4.26%
- Published 04.01.2012 19:55:02
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
WP Symposium < 11.12.24 - Arbitrary File Upload
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
Possible mitigation
WP Symposium: Update to version 11.12.24, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: WP Symposium
- Version: [*, 11.12.24)
Data provided by the National Vulnerability Database (NVD)
Wpsymposium ≫ Wp Symposium Version <= 11.12.08
Wpsymposium ≫ Wp Symposium Version 11.9.10
Wpsymposium ≫ Wp Symposium Version 11.9.14
Wpsymposium ≫ Wp Symposium Version 11.9.17
Wpsymposium ≫ Wp Symposium Version 11.9.24
Wpsymposium ≫ Wp Symposium Version 11.10.1
Wpsymposium ≫ Wp Symposium Version 11.10.8
Wpsymposium ≫ Wp Symposium Version 11.10.15
Wpsymposium ≫ Wp Symposium Version 11.10.22
Wpsymposium ≫ Wp Symposium Version 11.10.29
Wpsymposium ≫ Wp Symposium Version 11.11.5
Wpsymposium ≫ Wp Symposium Version 11.11.12
Wpsymposium ≫ Wp Symposium Version 11.11.19
Wpsymposium ≫ Wp Symposium Version 11.11.26
Wpsymposium ≫ Wp Symposium Version 11.12.03
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.26% | 0.883 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |