CVE-2011-5051
Published Jan 4, 2012
Last updated 7 years ago
Overview
- Description
- Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C122CF5-E3D6-4167-A5A0-E2D6455A5DFD",
"versionEndIncluding": "11.12.08"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.9.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0540AEAD-9CC2-4D8A-8E70-5C1A22A75D7A"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.9.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "517B31F6-CC56-4119-A7FE-E30DB0A1E302"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.9.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94D7F8FA-CCA2-4D03-9224-98B46254ED6B"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.9.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E5AAE8D-6868-46FF-96AB-E012698A8222"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A11403A-6431-4018-B744-4FA8D4780356"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.10.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DADBB815-2C19-426C-871C-F1298B4895A2"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.10.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FD5D2A4-0EE4-4392-BD68-F06C334A048F"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.10.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BAC08CA-7FBB-4FC1-A9E0-24DC6EA655DD"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.10.29:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "876EBC2E-9535-4E6E-B6AE-C6CE13B7250F"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.11.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D455E3E-3D9F-41EC-B340-5F307FE330ED"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.11.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7A651E9-337B-49D4-9BD7-DE8CC6ED439C"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.11.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7730AD2D-4AE4-49CC-92DA-9F7A0335CF12"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.11.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8AF33C52-D0B5-4672-8C72-6A3DFFDB1C8D"
},
{
"criteria": "cpe:2.3:a:wpsymposium:wp_symposium:11.12.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F31060A-C133-4818-B1AF-83D5F1E1BC36"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]