7.2
CVE-2021-24123
- EPSS 1.65%
- Veröffentlicht 18.03.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:52:24
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginPowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE
PowerPress <= 8.3.7 - Arbitrary File Upload
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
Mögliche Gegenmaßnahme
PowerPress Podcasting plugin by Blubrry: Update to version 8.3.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Blubrry ≫ Powerpress SwPlatformwordpress Version < 8.3.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
PowerPress Podcasting plugin by Blubrry
Version
*-8.3.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.65% | 0.734 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc987edf-5a68-4baf-947c-e623c85ec659