VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 4, 2012· Updated Apr 29, 2026

CVE-2011-5051

CVE-2011-5051

Description

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.

Affected products

15
  • Wpsymposium/Wp Symposium15 versions
    cpe:2.3:a:wpsymposium:wp_symposium:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:wpsymposium:wp_symposium:*:*:*:*:*:*:*:*range: <=11.12.08
    • cpe:2.3:a:wpsymposium:wp_symposium:11.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.10.15:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.10.22:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.10.29:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.10.8:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.11.12:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.11.19:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.11.26:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.11.5:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.12.03:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.9.14:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.9.17:*:*:*:*:*:*:*
    • cpe:2.3:a:wpsymposium:wp_symposium:11.9.24:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.