ID WPVDB-ID:A97D7CFB-1E89-408B-9764-1CC0C2D6B8FA
Type wpvulndb
Reporter wpvulndb
Modified 2019-10-21T09:28:43
Description
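The wp-symposium WordPress plugin was affected by a remote file upload vulnerability that leads to code execution (CVE-2011-5051). According to the CVE record below, a file with an executable extension can be uploaded through uploadify/upload_admin_avatar.php or uploadify/upload_profile_avatar.php and then requested directly from a directory inside the webroot; the CVSS v2 vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) rates it as reachable over the network with no authentication required. The records on this page disagree on the version boundary: the bulletin title says "<= 11.11.26", the affected-software entry and the CVE description say before 11.12.24, and the Patchstack title says "<= 11.12.24". Until the boundary is confirmed against the vendor changelog, treat every release up to and including 11.12.24 as affected and update the plugin.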
{"id": "WPVDB-ID:A97D7CFB-1E89-408B-9764-1CC0C2D6B8FA", "type": "wpvulndb", "bulletinFamily": "software", "title": "WP Symposium <= 11.11.26 - Remote File Upload Code Execution", "description": "The wp-symposium WordPress plugin was affected by a Remote File Upload Code Execution security vulnerability.\n", "published": "2014-08-01T10:58:46", "modified": "2019-10-21T09:28:43", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://wpscan.com/vulnerability/a97d7cfb-1e89-408b-9764-1cc0c2d6b8fa", "reporter": "wpvulndb", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/72012"], "cvelist": ["CVE-2011-5051"], "lastseen": "2021-02-15T22:15:21", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-5051"]}], "rev": 4}, "score": {"value": 6.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2011-5051"]}]}, "exploitation": null, "vulnersScore": 6.9}, "affectedSoftware": [{"version": "11.12.24", "operator": "lt", "name": "wp-symposium"}], "exploit": "", "sourceData": "", "generation": 1, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646124116}}
{"patchstack": [{"lastseen": "2022-04-20T20:31:26", "description": "Because of this vulnerability, the attackers can execute arbitrary code by uploading a file with an executable extension using uploadify/upload_profile_avatar.php or uploadify/upload_admin_avatar.php.\n\n## Solution\n\nUpdate the plugin.", "cvss3": {}, "published": "2012-01-04T00:00:00", "type": "patchstack", "title": "WordPress Symposium Plugin <= 11.12.24 - Multiple Arbitrary File Upload", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5051"], "modified": "2012-01-04T00:00:00", "id": "PATCHSTACK:D866C645FC7AF5EB30CF1D640FED2FFE", "href": "https://patchstack.com/database/vulnerability/symposium/wordpress-symposium-plugin-11-12-24-multiple-arbitrary-file-upload", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:54:17", "description": "Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.", "cvss3": {}, "published": "2012-01-04T19:55:00", "type": "cve", "title": "CVE-2011-5051", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": 
false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5051"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:wpsymposium:wp_symposium:11.10.15", "cpe:/a:wpsymposium:wp_symposium:11.10.22", "cpe:/a:wpsymposium:wp_symposium:11.10.29", "cpe:/a:wpsymposium:wp_symposium:11.9.14", "cpe:/a:wpsymposium:wp_symposium:11.9.24", "cpe:/a:wpsymposium:wp_symposium:11.11.5", "cpe:/a:wpsymposium:wp_symposium:11.12.03", "cpe:/a:wpsymposium:wp_symposium:11.10.8", "cpe:/a:wpsymposium:wp_symposium:11.11.26", "cpe:/a:wpsymposium:wp_symposium:11.12.08", "cpe:/a:wpsymposium:wp_symposium:11.9.10", "cpe:/a:wpsymposium:wp_symposium:11.11.19", "cpe:/a:wpsymposium:wp_symposium:11.11.12", "cpe:/a:wpsymposium:wp_symposium:11.9.17", "cpe:/a:wpsymposium:wp_symposium:11.10.1"], "id": "CVE-2011-5051", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5051", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:wpsymposium:wp_symposium:11.11.19:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.10.15:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.10.22:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.10.29:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.12.08:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.9.14:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.9.17:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.11.12:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.9.24:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.12.03:*:*:*:*:*:*:*", 
"cpe:2.3:a:wpsymposium:wp_symposium:11.11.26:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:wpsymposium:wp_symposium:11.10.1:*:*:*:*:*:*:*"]}]}