CVE-2011-10011
CRITICAL
WeBid 1.0.2 - Code Injection
Title source: llm
Description
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script: unsanitized input in the "to" parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby, webapps, php
https://www.exploit-db.com/exploits/18934
metasploit
WORKING POC
EXCELLENT
by EgiX, juan vazquez · ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webid_converter.rb
References (6)
Scores
CVSS v4
10.0
EPSS
0.5351
EPSS Percentile
98.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Details
CWE
CWE-94
Status
published
Products (1)
WeBid/WeBid
< 1.0.2
Published
Aug 13, 2025
Tracked Since
Feb 18, 2026