FKIE_CVE-2021-24252

Vulnerability from fkie_nvd - Published: 2021-05-06 13:15 - Updated: 2024-11-21 05:52
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)
References
contact@wpscan.comhttps://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.mdBroken Link
contact@wpscan.comhttps://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7cExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.mdBroken Link
af854a3a-2127-422b-91ae-364da2661108https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7cExploit, Third Party Advisory
Impacted products
Vendor Product Version
wp-eventmanager event_banner *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wp-eventmanager:event_banner:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E4FC3FEA-DDF9-4E75-A976-377415AE54B4",
              "versionEndIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"
    },
    {
      "lang": "es",
      "value": "El plugin Event Banner WordPress versiones hasta 1.3, no verifica el archivo de imagen cargado, permitiendo que las cuentas de administrador cargar archivos arbitrarios, como .exe, .php u otros ejecutables, conllevando a RCE.\u0026#xa0;Debido a una falta de comprobaci\u00f3n CSRF, el problema tambi\u00e9n  puede ser utilizado por medio de dicho vector para lograr el mismo resultado, o por medio de un LFI, ya que faltan las comprobaciones de autorizaci\u00f3n (pero requerir\u00eda WP que sea cargado)"
    }
  ],
  "id": "CVE-2021-24252",
  "lastModified": "2024-11-21T05:52:41.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-06T13:15:11.757",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.