8.8
CVE-2021-24347
- EPSS 82.73%
- Veröffentlicht 14.06.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 05:52:53
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSP Project & Document Manager <= 4.21 - Authenticated Shell Upload
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
Mögliche Gegenmaßnahme
SP Project & Document Manager: Update to version 4.22, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
SP Project & Document Manager
Version
[*, 4.22)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Smartypantsplugins ≫ Sp Project & Document Manager SwPlatformwordpress Version < 4.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 82.73% | 0.992 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-178 Improper Handling of Case Sensitivity
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.