exploitDog

CVE-2021-24491

Опубликовано: 13 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/ddd37827-f4c1-4806-8846-d06d9fbf23dd
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ddd37827-f4c1-4806-8846-d06d9fbf23dd
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fileviewer_project:fileviewer:*:*:*:*:*:wordpress:*:*

Версия до 2.2 (включая)

EPSS

Процентиль: 45%

0.00227

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-cmgq-6hm8-g996

github

больше 3 лет назад

The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack

EPSS

Процентиль: 45%

0.00227

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

CWE-352