Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 - Exploit, Third Party Advisory |
03 Dec 2021, 18:07
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MISC) http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html - Exploit, Third Party Advisory, VDB Entry |
26 Jul 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-03-18 15:15
Updated : 2024-11-21 05:52
NVD link : CVE-2021-24145
Mitre link : CVE-2021-24145
CVE.ORG link : CVE-2021-24145
JSON object : View
Products Affected
webnus
- modern_events_calendar_lite
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type