QwikSec

Security Database

CVE

CWE

Training

CVE-2011-10011

Published: Aug 13, 2025

Modified: May 15, 2026

PUBLISHED

Description

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.

Vendor	Product	Versions
WeBid	WeBid	affected `0 - <= 1.0.2`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/webid_converter.rb

exploit

https://www.exploit-db.com/exploits/17487

exploit

https://www.exploit-db.com/exploits/18934

exploit

https://web.archive.org/web/20121024110058/http://www.webidsupport.com/forums/showthread.php?3892

vendor-advisory

patch

https://sourceforge.net/projects/simpleauction/

product

https://www.vulncheck.com/advisories/webid-remote-php-code-injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.