Search criteria
10 vulnerabilities found for SP Project & Document Manager by Unknown
CVE-2024-3749 (GCVE-0-2024-3749)
Vulnerability from cvelistv5 – Published: 2024-05-15 06:00 – Updated: 2024-08-01 20:20
VLAI?
Title
SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
Summary
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
0 , ≤ 4.71
(semver)
|
Credits
fewwords
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartypantsplugins:sp_project_\\\u0026_document_manager:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "sp_project_\\\u0026_document_manager",
"vendor": "smartypantsplugins",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3749",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T15:25:46.281662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:08.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "fewwords"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T06:00:04.713Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c= 4.71 - Subscriber+ File Download via IDOR",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-3749",
"datePublished": "2024-05-15T06:00:04.713Z",
"dateReserved": "2024-04-12T20:26:38.897Z",
"dateUpdated": "2024-08-01T20:20:01.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3748 (GCVE-0-2024-3748)
Vulnerability from cvelistv5 – Published: 2024-05-15 06:00 – Updated: 2024-08-01 20:20
VLAI?
Title
SP Project & Document Manager <= 4.71 - Data Update via IDOR
Summary
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
0 , ≤ 4.71
(semver)
|
Credits
fewwords
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartypantsplugins:sp_project_\\\u0026_document_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sp_project_\\\u0026_document_manager",
"vendor": "smartypantsplugins",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:53:43.436707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:53:59.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "fewwords"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T06:00:04.491Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c= 4.71 - Data Update via IDOR",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-3748",
"datePublished": "2024-05-15T06:00:04.491Z",
"dateReserved": "2024-04-12T20:19:22.080Z",
"dateUpdated": "2024-08-01T20:20:01.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1551 (GCVE-0-2022-1551)
Vulnerability from cvelistv5 – Published: 2022-07-25 12:46 – Updated: 2024-08-03 00:10
VLAI?
Title
SP Project & Document Manager < 4.58 - Sensitive File Disclosure
Summary
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
0 , < 4.58
(custom)
|
Credits
Viktor Markopoulos
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.58",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Viktor Markopoulos"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users\u0027 sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T07:21:10.772Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c 4.58 - Sensitive File Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1551",
"datePublished": "2022-07-25T12:46:15",
"dateReserved": "2022-05-02T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4225 (GCVE-0-2021-4225)
Vulnerability from cvelistv5 – Published: 2022-04-25 15:50 – Updated: 2024-08-03 17:16
VLAI?
Title
SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload
Summary
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
4.24 , < 4.24
(custom)
|
Credits
pang0lin @webray.com.cn inc
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.24",
"status": "affected",
"version": "4.24",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "pang0lin @webray.com.cn inc"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T15:50:53",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c 4.24 - Subscriber+ Shell Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-4225",
"STATE": "PUBLIC",
"TITLE": "SP Project \u0026 Document Manager \u003c 4.24 - Subscriber+ Shell Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SP Project \u0026 Document Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.24",
"version_value": "4.24"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "pang0lin @webray.com.cn inc"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
},
{
"name": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md",
"refsource": "MISC",
"url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-4225",
"datePublished": "2022-04-25T15:50:53",
"dateReserved": "2022-03-31T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24347 (GCVE-0-2021-24347)
Vulnerability from cvelistv5 – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI?
Title
SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
Summary
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
Severity ?
No CVSS data available.
CWE
- CWE-178 - Improper Handling of Case Sensitivity
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
4.22 , < 4.22
(custom)
|
Credits
Viktor Markopoulos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.22",
"status": "affected",
"version": "4.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Viktor Markopoulos"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension\u0027s case, for example, from \"php\" to \"pHP\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178 Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:45:43",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SP Project \u0026 Document Manager \u003c2 4.22 - Authenticated Shell Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24347",
"STATE": "PUBLIC",
"TITLE": "SP Project \u0026 Document Manager \u003c2 4.22 - Authenticated Shell Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SP Project \u0026 Document Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.22",
"version_value": "4.22"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Viktor Markopoulos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension\u0027s case, for example, from \"php\" to \"pHP\"."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-178 Improper Handling of Case Sensitivity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"name": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"name": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24347",
"datePublished": "2021-06-14T13:37:12",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3749 (GCVE-0-2024-3749)
Vulnerability from nvd – Published: 2024-05-15 06:00 – Updated: 2024-08-01 20:20
VLAI?
Title
SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
Summary
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
0 , ≤ 4.71
(semver)
|
Credits
fewwords
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartypantsplugins:sp_project_\\\u0026_document_manager:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "sp_project_\\\u0026_document_manager",
"vendor": "smartypantsplugins",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3749",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T15:25:46.281662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:08.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "fewwords"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T06:00:04.713Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c= 4.71 - Subscriber+ File Download via IDOR",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-3749",
"datePublished": "2024-05-15T06:00:04.713Z",
"dateReserved": "2024-04-12T20:26:38.897Z",
"dateUpdated": "2024-08-01T20:20:01.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3748 (GCVE-0-2024-3748)
Vulnerability from nvd – Published: 2024-05-15 06:00 – Updated: 2024-08-01 20:20
VLAI?
Title
SP Project & Document Manager <= 4.71 - Data Update via IDOR
Summary
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
0 , ≤ 4.71
(semver)
|
Credits
fewwords
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartypantsplugins:sp_project_\\\u0026_document_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sp_project_\\\u0026_document_manager",
"vendor": "smartypantsplugins",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:53:43.436707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:53:59.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.71",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "fewwords"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T06:00:04.491Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c= 4.71 - Data Update via IDOR",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-3748",
"datePublished": "2024-05-15T06:00:04.491Z",
"dateReserved": "2024-04-12T20:19:22.080Z",
"dateUpdated": "2024-08-01T20:20:01.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1551 (GCVE-0-2022-1551)
Vulnerability from nvd – Published: 2022-07-25 12:46 – Updated: 2024-08-03 00:10
VLAI?
Title
SP Project & Document Manager < 4.58 - Sensitive File Disclosure
Summary
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
0 , < 4.58
(custom)
|
Credits
Viktor Markopoulos
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.58",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Viktor Markopoulos"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users\u0027 sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T07:21:10.772Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c 4.58 - Sensitive File Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1551",
"datePublished": "2022-07-25T12:46:15",
"dateReserved": "2022-05-02T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4225 (GCVE-0-2021-4225)
Vulnerability from nvd – Published: 2022-04-25 15:50 – Updated: 2024-08-03 17:16
VLAI?
Title
SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload
Summary
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
4.24 , < 4.24
(custom)
|
Credits
pang0lin @webray.com.cn inc
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.24",
"status": "affected",
"version": "4.24",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "pang0lin @webray.com.cn inc"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T15:50:53",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SP Project \u0026 Document Manager \u003c 4.24 - Subscriber+ Shell Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-4225",
"STATE": "PUBLIC",
"TITLE": "SP Project \u0026 Document Manager \u003c 4.24 - Subscriber+ Shell Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SP Project \u0026 Document Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.24",
"version_value": "4.24"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "pang0lin @webray.com.cn inc"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
},
{
"name": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md",
"refsource": "MISC",
"url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-4225",
"datePublished": "2022-04-25T15:50:53",
"dateReserved": "2022-03-31T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24347 (GCVE-0-2021-24347)
Vulnerability from nvd – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI?
Title
SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
Summary
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
Severity ?
No CVSS data available.
CWE
- CWE-178 - Improper Handling of Case Sensitivity
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SP Project & Document Manager |
Affected:
4.22 , < 4.22
(custom)
|
Credits
Viktor Markopoulos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SP Project \u0026 Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.22",
"status": "affected",
"version": "4.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Viktor Markopoulos"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension\u0027s case, for example, from \"php\" to \"pHP\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-178",
"description": "CWE-178 Improper Handling of Case Sensitivity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:45:43",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SP Project \u0026 Document Manager \u003c2 4.22 - Authenticated Shell Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24347",
"STATE": "PUBLIC",
"TITLE": "SP Project \u0026 Document Manager \u003c2 4.22 - Authenticated Shell Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SP Project \u0026 Document Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.22",
"version_value": "4.22"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Viktor Markopoulos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension\u0027s case, for example, from \"php\" to \"pHP\"."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-178 Improper Handling of Case Sensitivity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"
},
{
"name": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"
},
{
"name": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24347",
"datePublished": "2021-06-14T13:37:12",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}