NVD

Id
11311  
Name
CVE-2011-5051  
Description
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2012-01-04  
Modified Date
2012-01-05  
Seq
2011-5051  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
62512 11311 CVE-2011-5051 wpsymposium-admin-profile-file-upload(72012)  View
62513 11311 CVE-2011-5051 https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
25303 JVNDB-2012-001010 WordPress 用の WP Symposium プラグインにおける任意のコードを実行される脆弱性 WordPress 用の WP Symposium プラグインは、(1) uploadify/upload_admin_avatar.php または (2) uploadify/upload_profile_avatar.php を用いて、実行可能な拡張子を含むファイルをアップロードされ、アクセスされることで、任意のコードを実行される脆弱性が存在します。 CVE-2011-5051 52958 CVE-2011-5051 11311 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001010.html 2012-01-04 2012-01-06 View