Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by likno
CVE-2012-1011 (GCVE-0-2012-1011)
Vulnerability from nvd – Published: 2012-02-07 21:00 – Updated: 2024-08-06 18:45
VLAI
EPSS
VEX
Summary
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18407 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/51615 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://wordpress.org/extend/plugins/allwebmenus-w… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/47659 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18407",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"name": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1011",
"datePublished": "2012-02-07T21:00:00.000Z",
"dateReserved": "2012-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:45:26.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1010 (GCVE-0-2012-1010)
Vulnerability from nvd – Published: 2012-02-07 21:00 – Updated: 2024-08-06 18:45
VLAI
EPSS
VEX
Summary
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18407 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/51615 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://wordpress.org/extend/plugins/allwebmenus-w… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/47659 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18407",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"name": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1010",
"datePublished": "2012-02-07T21:00:00.000Z",
"dateReserved": "2012-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:45:26.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3981 (GCVE-0-2011-3981)
Vulnerability from nvd – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:53
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://plugins.trac.wordpress.org/changeset/43895… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/49685 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/17861 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/46068 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2011-09-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php"
},
{
"name": "49685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49685"
},
{
"name": "17861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17861"
},
{
"name": "46068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46068"
},
{
"name": "allwebmenus-actions-file-include(69929)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php"
},
{
"name": "49685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49685"
},
{
"name": "17861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17861"
},
{
"name": "46068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46068"
},
{
"name": "allwebmenus-actions-file-include(69929)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php"
},
{
"name": "49685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49685"
},
{
"name": "17861",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17861"
},
{
"name": "46068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46068"
},
{
"name": "allwebmenus-actions-file-include(69929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3981",
"datePublished": "2011-10-04T10:00:00.000Z",
"dateReserved": "2011-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:53:32.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1011 (GCVE-0-2012-1011)
Vulnerability from cvelistv5 – Published: 2012-02-07 21:00 – Updated: 2024-08-06 18:45
VLAI
EPSS
VEX
Summary
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18407 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/51615 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://wordpress.org/extend/plugins/allwebmenus-w… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/47659 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18407",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"name": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1011",
"datePublished": "2012-02-07T21:00:00.000Z",
"dateReserved": "2012-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:45:26.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1010 (GCVE-0-2012-1010)
Vulnerability from cvelistv5 – Published: 2012-02-07 21:00 – Updated: 2024-08-06 18:45
VLAI
EPSS
VEX
Summary
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18407 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/51615 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://wordpress.org/extend/plugins/allwebmenus-w… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/47659 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18407",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18407",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18407"
},
{
"name": "51615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51615"
},
{
"name": "allwebmenus-actions-file-upload(72640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"name": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus \u003c 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1010",
"datePublished": "2012-02-07T21:00:00.000Z",
"dateReserved": "2012-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:45:26.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3981 (GCVE-0-2011-3981)
Vulnerability from cvelistv5 – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:53
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://plugins.trac.wordpress.org/changeset/43895… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/49685 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/17861 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/46068 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2011-09-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php"
},
{
"name": "49685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49685"
},
{
"name": "17861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17861"
},
{
"name": "46068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46068"
},
{
"name": "allwebmenus-actions-file-include(69929)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php"
},
{
"name": "49685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49685"
},
{
"name": "17861",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17861"
},
{
"name": "46068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46068"
},
{
"name": "allwebmenus-actions-file-include(69929)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304\u0026old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php"
},
{
"name": "49685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49685"
},
{
"name": "17861",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17861"
},
{
"name": "46068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46068"
},
{
"name": "allwebmenus-actions-file-include(69929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3981",
"datePublished": "2011-10-04T10:00:00.000Z",
"dateReserved": "2011-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:53:32.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}