CVE-2021-24223

🗓️ 12 Apr 2021 14:04:01Reported by WPScanType

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial

Reporter	Title	Published	Views	Family All 10
CNNVD	WordPress 插件代码问题漏洞	12 Apr 202100:00	–	cnnvd
CNVD	WordPress Plugin Arbitrary File Upload Vulnerability	14 Apr 202100:00	–	cnvd
Cvelist	CVE-2021-24223 N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE	12 Apr 202114:04	–	cvelist
EUVD	EUVD-2021-11137	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24223	12 Apr 202114:15	–	nvd
Patchstack	WordPress N5 Upload Form plugin <= 1.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)	27 Mar 202100:00	–	patchstack
Prion	Design/Logic Flaw	12 Apr 202114:15	–	prion
RedhatCVE	CVE-2021-24223	22 May 202519:20	–	redhatcve
wpexploit	N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE	26 Mar 202100:00	–	wpexploit
WPVulnDB	N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE	26 Mar 202100:00	–	wpvulndb

NVD

Vulners

Node

n5_upload_form_project n5_upload_formRange≤1.0wordpress

[
  {
    "product": "N5 Upload Form",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db
github	www.github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md

21 Nov 2024 05:52Current

9.5High risk

Vulners AI Score9.5

CVSS 27.5

CVSS 3.19.8

EPSS0.00919

CWE-434