ThreatPress

WordPress Vulnerabilities Database

Back

WordPress AllWebMenus Plugin < 1.1.9 - Arbitrary File Upload

Product
AllWebMenus
Description
AllWebMenus plugin is prone to a arbitrary file upload vulnerability that occurs because the application fails to adequately clean up user-supplied input. Lack of checks in script actions.php allows an attacker to upload upload any file to the vulnerable server. Other attacks are also possible.
Solution
Upgrade the plugin.
Classification
Type Arbitrary File Upload
References
Exploit-DB
CVE
Name CVE-2012-1010
Versions
Affected In <= 1.1.8
Fixed In 1.1.9
Disclosure date
2012-01-22
Credits
6Scan