ThreatPress

WordPress Vulnerabilities Database

WordPress Symposium Plugin <= 11.12.24 - Multiple Arbitrary File Upload

Product
Symposium
Description
This vulnerability allows attackers to execute arbitrary code by uploading a file with an executable extension through uploadify/upload_profile_avatar.php or uploadify/upload_admin_avatar.php.
Solution
Update the plugin.
Classification
Type: Arbitrary File Upload
References
CVE (MITRE): CVE-2011-5051
Versions
Affected In: <= 11.12.24
Fixed In: 11.12.25
Disclosure date
2012-01-04
Credits
Secunia Research