CVE-2021-24254

Sažetak

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.

Reference

https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md
https://wpscan.com/vulnerability/bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

14-05-2021 - 18:17

Objavljeno

06-05-2021 - 13:15