Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by zingiri
CVE-2012-4920 (GCVE-0-2012-4920)
Vulnerability from cvelistv5 – Published: 2014-04-04 14:00 – Updated: 2024-08-06 20:50
VLAI
Summary
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/50833 | third-party-advisoryx_refsource_SECUNIA |
| http://wordpress.org/plugins/zingiri-forum/changelog | x_refsource_CONFIRM |
| http://osvdb.org/89069 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2013-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/plugins/zingiri-forum/changelog"
},
{
"name": "89069",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89069"
},
{
"name": "wp-zingiriforum-url-directory-traversal(81156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "50833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/plugins/zingiri-forum/changelog"
},
{
"name": "89069",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89069"
},
{
"name": "wp-zingiriforum-url-directory-traversal(81156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50833"
},
{
"name": "http://wordpress.org/plugins/zingiri-forum/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/zingiri-forum/changelog"
},
{
"name": "89069",
"refsource": "OSVDB",
"url": "http://osvdb.org/89069"
},
{
"name": "wp-zingiriforum-url-directory-traversal(81156)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-4920",
"datePublished": "2014-04-04T14:00:00.000Z",
"dateReserved": "2012-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:17.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6506 (GCVE-0-2012-6506)
Vulnerability from cvelistv5 – Published: 2013-01-24 01:00 – Updated: 2024-08-06 21:28
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/81493 | vdb-entryx_refsource_OSVDB |
| http://plugins.trac.wordpress.org/changeset?repon… | x_refsource_CONFIRM |
| http://wordpress.org/extend/plugins/zingiri-web-s… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53278 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/48991 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/18787 | exploitx_refsource_EXPLOIT-DB |
| http://www.osvdb.org/81492 | vdb-entryx_refsource_OSVDB |
Date Public
2012-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026old=537613%40zingiri-web-shop\u0026new=537613%40zingiri-web-shop"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"name": "53278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53278"
},
{
"name": "48991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48991"
},
{
"name": "zingiriwebshop-onecheckout-xss(75179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75179"
},
{
"name": "zingiriwebshop-zinginc-xss(75178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75178"
},
{
"name": "18787",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18787"
},
{
"name": "81492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026old=537613%40zingiri-web-shop\u0026new=537613%40zingiri-web-shop"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"name": "53278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53278"
},
{
"name": "48991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48991"
},
{
"name": "zingiriwebshop-onecheckout-xss(75179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75179"
},
{
"name": "zingiriwebshop-zinginc-xss(75178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75178"
},
{
"name": "18787",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18787"
},
{
"name": "81492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81493",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81493"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026old=537613%40zingiri-web-shop\u0026new=537613%40zingiri-web-shop",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026old=537613%40zingiri-web-shop\u0026new=537613%40zingiri-web-shop"
},
{
"name": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"name": "53278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53278"
},
{
"name": "48991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48991"
},
{
"name": "zingiriwebshop-onecheckout-xss(75179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75179"
},
{
"name": "zingiriwebshop-zinginc-xss(75178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75178"
},
{
"name": "18787",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18787"
},
{
"name": "81492",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6506",
"datePublished": "2013-01-24T01:00:00.000Z",
"dateReserved": "2013-01-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:28:39.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4033 (GCVE-0-2012-4033)
Vulnerability from cvelistv5 – Published: 2012-07-18 18:00 – Updated: 2024-08-06 20:21
VLAI
Summary
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://wordpress.org/extend/plugins/zingiri-web-s… | x_refsource_CONFIRM |
| http://forums.zingiri.com/announcements.php?aid=2 | x_refsource_CONFIRM |
| http://secunia.com/advisories/48909 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "zingiri-wordpress-unspecified(75044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.zingiri.com/announcements.php?aid=2"
},
{
"name": "48909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "zingiri-wordpress-unspecified(75044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.zingiri.com/announcements.php?aid=2"
},
{
"name": "48909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zingiri-wordpress-unspecified(75044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75044"
},
{
"name": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"name": "http://forums.zingiri.com/announcements.php?aid=2",
"refsource": "CONFIRM",
"url": "http://forums.zingiri.com/announcements.php?aid=2"
},
{
"name": "48909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4033",
"datePublished": "2012-07-18T18:00:00.000Z",
"dateReserved": "2012-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:21:04.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0934 (GCVE-0-2012-0934)
Vulnerability from cvelistv5 – Published: 2012-01-29 02:00 – Updated: 2024-08-06 18:38
VLAI
Summary
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://spareclockcycles.org/2011/09/18/exploitrin… | x_refsource_MISC |
| http://plugins.trac.wordpress.org/changeset/49216… | x_refsource_CONFIRM |
| http://secunia.com/advisories/47722 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://wordpress.org/extend/plugins/theme-tuner/c… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/51636 | vdb-entryx_refsource_BID |
Date Public
2012-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/492167/theme-tuner#file2"
},
{
"name": "47722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47722"
},
{
"name": "themetuner-savetag-file-include(72626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/theme-tuner/changelog/"
},
{
"name": "51636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/492167/theme-tuner#file2"
},
{
"name": "47722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47722"
},
{
"name": "themetuner-savetag-file-include(72626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/theme-tuner/changelog/"
},
{
"name": "51636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/",
"refsource": "MISC",
"url": "http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/492167/theme-tuner#file2",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/492167/theme-tuner#file2"
},
{
"name": "47722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47722"
},
{
"name": "themetuner-savetag-file-include(72626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72626"
},
{
"name": "http://wordpress.org/extend/plugins/theme-tuner/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/theme-tuner/changelog/"
},
{
"name": "51636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0934",
"datePublished": "2012-01-29T02:00:00.000Z",
"dateReserved": "2012-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:15.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}