Search criteria
2 vulnerabilities found for PowerPress by Unknown
CVE-2021-24123 (GCVE-0-2021-24123)
Vulnerability from cvelistv5 – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
VLAI?
Title
PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE
Summary
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PowerPress |
Affected:
8.3.8 , < 8.3.8
(custom)
|
Credits
Minh Tuan - SunCSR (Sun* Cyber Security Research)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.3.8",
"status": "affected",
"version": "8.3.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T14:57:47",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24123",
"STATE": "PUBLIC",
"TITLE": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.3.8",
"version_value": "8.3.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24123",
"datePublished": "2021-03-18T14:57:47",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24123 (GCVE-0-2021-24123)
Vulnerability from nvd – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
VLAI?
Title
PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE
Summary
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PowerPress |
Affected:
8.3.8 , < 8.3.8
(custom)
|
Credits
Minh Tuan - SunCSR (Sun* Cyber Security Research)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.3.8",
"status": "affected",
"version": "8.3.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T14:57:47",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24123",
"STATE": "PUBLIC",
"TITLE": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.3.8",
"version_value": "8.3.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24123",
"datePublished": "2021-03-18T14:57:47",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}