CVE-2012-1011

Name of the Vulnerable Software and Affected Versions AllWebMenus plugin version 1.1.8

Description The issue allows remote attackers to bypass access restrictions, upload, and execute arbitrary PHP code. This is achieved by setting the HTTP REFERER to a specific value, uploading a ZIP file that contains a PHP file, and then accessing the uploaded file directly.

Recommendations For AllWebMenus plugin version 1.1.8, consider disabling the actions.php file until a patch is available to prevent the upload and execution of arbitrary PHP code. Restrict access to the upload functionality to minimize the risk of exploitation. Avoid using the HTTP REFERER variable in security checks as it can be easily manipulated by attackers.