CVE-2011-10011

N/A Unknown
Published: August 13, 2025 Modified: April 15, 2026
View on NVD

Description

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/webid_converter.rb
Source: disclosure@vulncheck.com
https://sourceforge.net/projects/simpleauction/
Source: disclosure@vulncheck.com
https://web.archive.org/web/20121024110058/http://www.webidsupport.com/forums/showthread.php?3892
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/17487
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/18934
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/webid-remote-php-code-injection
Source: disclosure@vulncheck.com
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/webid_converter.rb
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

7 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
57.5%
98th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-94

Related CVEs

CVE-2026-7696 6.3
CVE-2026-7695 7.3
CVE-2026-7694 7.3
CVE-2026-7692 6.3
CVE-2026-7691 6.3