Lucene search
WPScanCVELIST:CVE-2021-24145HistoryMar 18, 2021 - 2:57 p.m.
CVE-2021-24145 Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
2021-03-1814:57:50
CWE-434
WPScan
www.cve.org
3
0.965 High
EPSS
Percentile
99.6%
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the ‘text/csv’ content-type in the request.
CNA Affected
[
{
"product": "Modern Events Calendar Lite",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.16.5",
"status": "affected",
"version": "5.16.5",
"versionType": "custom"
}
]
}
]Related
packetstorm
packetstorm
WordPress Modern Events Calendar 5.16.2 Shell Upload
2021-07-02 00:00:00
WordPress Modern Events Calendar Remote Code Execution
2021-07-26 00:00:00
zdt
zdt
prion
prion
Cross site request forgery (csrf)
2021-03-18 15:15:00
cve
cve
CVE-2021-24145
2021-03-18 15:15:15
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2021-24145
2021-03-18 15:15:15
wpvulndb
wpvulndb
wpexploit
wpexploit
nuclei
nuclei
githubexploit
githubexploit
osv
osv
CVE-2021-24145
2021-03-18 15:15:15
exploitdb
exploitdb
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-07-30 18:04:33