CVE-2021-24663
HIGH 7.2
Description
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high-privilege users such as admin to upload arbitrary files like PHP, leading to RCE.
CVE details
CVSS v3.1 score: 7.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 9/20/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
simple_schools_staff_directory_project:simple_schools_staff_directory
Weaknesses (CWE)
CWE-434
References
https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a (contact@wpscan.com)
https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.