8.8
CVE-2021-4225
- EPSS 1.71%
- Veröffentlicht 25.04.2022 16:16:07
- Zuletzt bearbeitet 21.11.2024 06:37:11
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSP Project & Document Manager < 4.24 - Subscriber+ Shell Upload
SP Project & Document Manager <= 4.23 - Subscriber+ Arbitrary File Upload
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
Mögliche Gegenmaßnahme
SP Project & Document Manager: Update to version 4.24, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Smartypantsplugins ≫ Sp Project & Document Manager SwPlatformwordpress Version < 4.24
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
SP Project & Document Manager
Version
[*, 4.24)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.71% | 0.744 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md
https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd
https://www.wordfence.com/threat-intel/vulnerabilities/id/3b1b60f4-39f7-4981-bd8d-b1c6e63cf082