Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for one-stop_wp_migration by servmask

    CVE-2021-24216 (GCVE-0-2021-24216)

    Vulnerability from nvd – Published: 2022-03-07 08:15 – Updated: 2024-08-03 19:21
    VLAI
    Title
    All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE
    Summary
    The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
    Severity
    No CVSS data available.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown All-in-One WP Migration Affected: 7.41 , < 7.41 (custom)
    Create a notification for this product.
    Credits
    YICHENG LIU-ZTE CHENFENG lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:18.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "All-in-One WP Migration",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.41",
                  "status": "affected",
                  "version": "7.41",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "YICHENG LIU-ZTE CHENFENG lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T08:15:55.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24216",
              "STATE": "PUBLIC",
              "TITLE": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "All-in-One WP Migration",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.41",
                                "version_value": "7.41"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "YICHENG LIU-ZTE CHENFENG lab"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
                },
                {
                  "name": "https://plugins.trac.wordpress.org/changeset/2516181#file8",
                  "refsource": "CONFIRM",
                  "url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24216",
        "datePublished": "2022-03-07T08:15:55.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:18.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24216 (GCVE-0-2021-24216)

    Vulnerability from cvelistv5 – Published: 2022-03-07 08:15 – Updated: 2024-08-03 19:21
    VLAI
    Title
    All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE
    Summary
    The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
    Severity
    No CVSS data available.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown All-in-One WP Migration Affected: 7.41 , < 7.41 (custom)
    Create a notification for this product.
    Credits
    YICHENG LIU-ZTE CHENFENG lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:18.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "All-in-One WP Migration",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.41",
                  "status": "affected",
                  "version": "7.41",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "YICHENG LIU-ZTE CHENFENG lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T08:15:55.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24216",
              "STATE": "PUBLIC",
              "TITLE": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "All-in-One WP Migration",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.41",
                                "version_value": "7.41"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "YICHENG LIU-ZTE CHENFENG lab"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
                },
                {
                  "name": "https://plugins.trac.wordpress.org/changeset/2516181#file8",
                  "refsource": "CONFIRM",
                  "url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24216",
        "datePublished": "2022-03-07T08:15:55.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:18.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }