CVE-2021-24145

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:52

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 - Exploit, Third Party Advisory

03 Dec 2021, 18:07

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html - (MISC) http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html - Exploit, Third Party Advisory, VDB Entry

26 Jul 2021, 18:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html -

Information

Published : 2021-03-18 15:15

Updated : 2024-11-21 05:52


NVD link : CVE-2021-24145

Mitre link : CVE-2021-24145

CVE.ORG link : CVE-2021-24145


JSON object : View

Products Affected

webnus

  • modern_events_calendar_lite
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type