CVE-2012-1010

Exploit

EPSS 9.67%
Veröffentlicht 07.02.2012 21:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.

Mögliche Gegenmaßnahme

AllWebMenus WordPress Menu Plugin: Update to version 1.1.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt AllWebMenus WordPress Menu Plugin

Version [*, 1.1.9)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Likno ≫ Allwebmenus Plugin Version <= 1.1.7

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.1

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.3

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.4

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.9

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.10

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.11

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.12

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.17

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.18

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.19

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.20

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.21

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.22

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.23

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.0.24

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.1

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.2

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.3

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.4

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.5

Wordpress ≫ Wordpress

Likno ≫ Allwebmenus Plugin Version1.1.6

Wordpress ≫ Wordpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.67%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html

Exploit

http://secunia.com/advisories/47659

Vendor Advisory

http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/

http://www.exploit-db.com/exploits/18407

Exploit

http://www.securityfocus.com/bid/51615

https://exchange.xforce.ibmcloud.com/vulnerabilities/72640

https://www.wordfence.com/threat-intel/vulnerabilities/id/d5ab090c-14fd-4d58-a915-fd68e5eaefe1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-1010