CVE-2011-10011

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/webid_converter.rb
https://sourceforge.net/projects/simpleauction/
https://web.archive.org/web/20121024110058/http://www.webidsupport.com/forums/showthread.php?3892
https://www.exploit-db.com/exploits/17487
https://www.exploit-db.com/exploits/18934
https://www.vulncheck.com/advisories/webid-remote-php-code-injection