Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-5051
Last Modified: 05 Jan 2012 09:59:34
Published: 04 Jan 2012 02:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-5051

Summary

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.

Vulnerable Systems

Application

  • Wpsymposium Wp Symposium 11.10.1

  • Wpsymposium Wp Symposium 11.10.15

  • Wpsymposium Wp Symposium 11.10.22

  • Wpsymposium Wp Symposium 11.10.29

  • Wpsymposium Wp Symposium 11.10.8

  • Wpsymposium Wp Symposium 11.11.12

  • Wpsymposium Wp Symposium 11.11.19

  • Wpsymposium Wp Symposium 11.11.26

  • Wpsymposium Wp Symposium 11.11.5

  • Wpsymposium Wp Symposium 11.12.03

  • Wpsymposium Wp Symposium 11.12.08

  • Wpsymposium Wp Symposium 11.9.10

  • Wpsymposium Wp Symposium 11.9.14

  • Wpsymposium Wp Symposium 11.9.17

  • Wpsymposium Wp Symposium 11.9.24


References

CONFIRM - https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265

XF - wpsymposium-admin-profile-file-upload(72012)

MISC - http://secunia.com/secunia_research/2011-91/

SECUNIA - 46097

OSVDB - 78042

OSVDB - 78041


Last Updated: 27 May 2016 10:57:18