CVE-2012-1010

Exploit

EPSS 9.52%
Veröffentlicht 07.02.2012 21:55:04
Zuletzt bearbeitet 16.06.2026 23:38:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

Mögliche Gegenmaßnahme

AllWebMenus WordPress Menu Plugin: Update to version 1.1.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

NVD 22 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Likno ≫ Allwebmenus Plugin Version <= 1.1.7

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.1

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.3

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.4

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.9

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.10

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.11

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.12

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.17

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.18

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.19

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.20

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.21

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.22

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.23

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.24

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.1

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.2

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.3

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.4

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.5

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.6

Wordpress ≫ Wordpress

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt AllWebMenus WordPress Menu Plugin

Version [*, 1.1.9)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.52%	0.948

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html

Exploit

http://secunia.com/advisories/47659

Vendor Advisory

http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/

http://www.exploit-db.com/exploits/18407

Exploit

http://www.securityfocus.com/bid/51615

https://exchange.xforce.ibmcloud.com/vulnerabilities/72640

https://www.wordfence.com/threat-intel/vulnerabilities/id/d5ab090c-14fd-4d58-a915-fd68e5eaefe1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-1010