Search criteria
1 vulnerability by classyfrieds_project
CVE-2021-24253 (GCVE-0-2021-24253)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:39 – Updated: 2024-08-03 19:28
VLAI
Title
Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
Summary
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE.
Severity
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ee42c233-0ff6-4b… | x_refsource_CONFIRM |
| https://github.com/jinhuang1102/CVE-ID-Reports/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Classyfrieds |
Affected:
3.8 , ≤ 3.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:22.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ee42c233-0ff6-4b27-a5ec-ad3246bef079"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/classyfrieds.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Classyfrieds",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "3.8",
"status": "affected",
"version": "3.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jin Huang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:39:43.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ee42c233-0ff6-4b27-a5ec-ad3246bef079"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/classyfrieds.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Classyfrieds \u003c= 3.8 - Authenticated Arbitrary File Upload to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24253",
"STATE": "PUBLIC",
"TITLE": "Classyfrieds \u003c= 3.8 - Authenticated Arbitrary File Upload to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Classyfrieds",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.8",
"version_value": "3.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jin Huang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ee42c233-0ff6-4b27-a5ec-ad3246bef079",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ee42c233-0ff6-4b27-a5ec-ad3246bef079"
},
{
"name": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/classyfrieds.md",
"refsource": "MISC",
"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/classyfrieds.md"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24253",
"datePublished": "2021-05-05T18:39:43.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:22.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}