Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 04/10/2011 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the abspath parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
likno allwebmenus_plugin 1.1.3

# Exploit Title: Allwebmenus Wordpress Menu Plugin Wordpress plugin RFI # Google Dork: inurl:wp-content/plugins/allwebmenus-wordpress-menu-plugin # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcyclesorg @_supernothing) # Software Link: wordpressorg/extend/plugins/allwebmenus-wordpress-menu-plugin/download/ # Version: ...

CWE-94 http://secunia.com/advisories/46068 http://www.exploit-db.com/exploits/17861 http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304&old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php http://www.securityfocus.com/bid/49685 https://exchange.xforce.ibmcloud.com/vulnerabilities/69929 https://nvd.nist.gov https://www.exploit-db.com/exploits/17861/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-3981

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect