CVE-2021-24347

Опубликовано: 14 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Высокий

Описание

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

Ссылки

http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:wordpress:*:*

Версия до 4.22 (исключая)

EPSS

Процентиль: 99%

0.81417

Высокий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-178

Связанные уязвимости

GHSA-p8xc-86cg-8cgm