CVE-2011-3981

2011-10-0410:55:12

CWE-94

[email protected]

web.nvd.nist.gov

cve-2011-3981

php

remote file inclusion

allwebmenus plugin

wordpress

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.2%

JSON

PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Affected configurations

NVD

Node

liknoallwebmenus_pluginMatch1.1.3

AND

wordpresswordpress

CPENameOperatorVersion
likno:allwebmenus_pluginlikno allwebmenus plugineq1.1.3

CPE	Name	Operator	Version
likno:allwebmenus_plugin	likno allwebmenus plugin	eq	1.1.3

References

plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304&old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php

secunia.com/advisories/46068

www.exploit-db.com/exploits/17861

www.securityfocus.com/bid/49685

exchange.xforce.ibmcloud.com/vulnerabilities/69929