exploitDog

CVE-2021-24663

Опубликовано: 20 сент. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE

Ссылки

https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple_schools_staff_directory_project:simple_schools_staff_directory:*:*:*:*:*:wordpress:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 75%

0.00875

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-gg8c-wv43-x28x

github

больше 3 лет назад

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE

EPSS

Процентиль: 75%

0.00875

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434