Vulnerability Details : CVE-2021-24347
Public exploit exists!
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files; however, the plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that PHP files could still be uploaded by changing the case of the file extension, for example from "php" to "pHP".
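As an added illustration (not code from the plugin, from NVD, or from any of the references below), the PHP below contrasts the pattern the description attributes to the plugin, a denylist of extensions compared case-sensitively, with a hardened check that lowercases the extension, uses an allowlist of expected document types, and validates every dotted segment so double-extension names are rejected too. Function names, the extension lists and the sample filenames are assumptions made for this example.

```php
<?php
// Added example for CVE-2021-24347 (CWE: improper handling of case sensitivity).
// Not code from the SP Project & Document Manager plugin; function names,
// extension lists and sample filenames below are assumptions for illustration.

// Weak check: a case-sensitive denylist. pathinfo() returns the extension
// exactly as typed, so "pHP" is not found in the list and the file is accepted.
function is_upload_allowed_weak(string $filename): bool {
    $denied = ['php', 'phtml', 'php3', 'php4', 'php5', 'phar'];
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    return !in_array($ext, $denied, true);
}

// Hardened check: normalise case, require an extension from an allowlist of
// document types, and check every segment after the first dot so names such
// as "report.php.txt" are rejected as well.
function is_upload_allowed_hardened(string $filename): bool {
    $allowed = ['pdf', 'doc', 'docx', 'xls', 'xlsx', 'png', 'jpg', 'jpeg', 'txt'];
    $parts = explode('.', basename($filename));
    if (count($parts) < 2) {
        return false; // no extension at all: nothing to validate, so refuse
    }
    foreach (array_slice($parts, 1) as $segment) {
        if (!in_array(strtolower($segment), $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample filenames covering the normal case, the lowercase
// denied case, the mixed-case variant from the advisory, a double extension
// and a name with no extension.
$samples = ['report.pdf', 'shell.php', 'shell.pHP', 'report.php.txt', 'README'];
foreach ($samples as $name) {
    printf("%-16s weak=%-5s hardened=%s\n", $name,
        is_upload_allowed_weak($name) ? 'allow' : 'deny',
        is_upload_allowed_hardened($name) ? 'allow' : 'deny');
}
```

In a WordPress plugin the allowlist should be derived from core rather than hard-coded: wp_check_filetype() matches the extension case-insensitively against get_allowed_mime_types(), and sanitize_file_name() normalises the name before it is stored, so an upload handler that relies on those helpers does not repeat the case-sensitivity mistake described above.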
Products affected by CVE-2021-24347
- cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24347
Probability of exploitation activity in the next 30 days: 97.31%
Percentile: ~100% (the proportion of vulnerabilities scored at or below this score)
Metasploit modules for CVE-2021-24347
- Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution
  Disclosure Date: 2021-06-14
  First seen: 2021-07-23
  Module: exploit/multi/http/wp_plugin_sp_project_document_rce
  This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin SP Project & Document < 4.22. The security check only searches for lowercase file extensions such as `.php`, m
CVSS scores for CVE-2021-24347
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-24347
- The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
Assigned by:
- contact@wpscan.com (Primary)
- nvd@nist.gov (Secondary)
References for CVE-2021-24347
- http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html
  WordPress SP Project And Document Remote Code Execution (Packet Storm). Tags: Exploit; Third Party Advisory; VDB Entry
- http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html
  WordPress SP Project And Document Manager 4.21 Shell Upload (Packet Storm). Tags: Exploit; Third Party Advisory; VDB Entry
- https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
  WPScan vulnerability entry. Tags: Exploit; Third Party Advisory