Lucene search

[email protected]NVD:CVE-2021-24145

HistoryMar 18, 2021 - 3:15 p.m.

CVE-2021-24145

2021-03-1815:15:15

CWE-434

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.965 High

EPSS

Percentile

99.6%

JSON

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the ‘text/csv’ content-type in the request.

Affected configurations

NVD

Node

webnusmodern_events_calendar_liteRange<5.16.5wordpress

References

packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html

packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html

wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.965 High

EPSS

Percentile

99.6%

JSON

Related for NVD:CVE-2021-24145

packetstorm2 cvelist1 zdt2 prion1 cve1 checkpoint_advisories1 wpvulndb1 wpexploit1 nuclei1 githubexploit1 osv1 exploitdb1 rapid7blog1