Description
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with the Author role to execute arbitrary OS commands on the server via OS Command Injection when the plugin invokes Ghostscript.
Affected Software
Related
{"id": "CVE-2021-24684", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24684", "description": "The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.", "published": "2021-10-18T14:15:00", "modified": "2021-11-04T12:52:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24684", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63"], "cvelist": ["CVE-2021-24684"], "immutableFields": [], "lastseen": "2022-03-23T15:01:22", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "wpexploit", "idList": ["WPEX-ID:B5295BF9-8CF6-416E-B215-074742A5FC63"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:B5295BF9-8CF6-416E-B215-074742A5FC63"]}], "rev": 4}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": 
"wpexploit", "idList": ["WPEX-ID:B5295BF9-8CF6-416E-B215-074742A5FC63"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:B5295BF9-8CF6-416E-B215-074742A5FC63"]}]}, "exploitation": null, "vulnersScore": 5.5}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-78"], "affectedSoftware": [{"cpeName": "teamlead:pdf-light-viewer", "version": "1.4.12", "operator": "lt", "name": "teamlead pdf-light-viewer"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:teamlead:pdf-light-viewer:1.4.12:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.4.12", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63", "name": "https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}
{"patchstack": [{"lastseen": "2022-06-01T19:30:18", "description": "Authenticated Command Injection vulnerability discovered by apple502j in WordPress PDF Light Viewer plugin (versions <= 1.4.11).\n\n## Solution\n\n\r\n Update the WordPress PDF Light Viewer plugin to the latest available version (at least 1.4.12).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "patchstack", "title": "WordPress PDF Light Viewer plugin <= 1.4.11 - Authenticated Command Injection vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24684"], "modified": "2021-09-15T00:00:00", "id": "PATCHSTACK:02090713B971005ACE7FE8ED3734E6CF", "href": "https://patchstack.com/database/vulnerability/pdf-light-viewer/wordpress-pdf-light-viewer-plugin-1-4-11-authenticated-command-injection-vulnerability", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "wpvulndb": [{"lastseen": "2021-11-26T19:29:56", "description": "The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.\n\n### 
PoC\n\n1) Go to Import PDF. 2) Select PDF file. 3) Set compression as 60 | calc | echo 4) Toggle import (the first checkbox) 5) Publish or update 6) Command executes\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "wpvulndb", "title": "PDF Light Viewer < 1.4.12 - Authenticated Command Injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24684"], "modified": "2021-09-20T09:54:34", "id": "WPVDB-ID:B5295BF9-8CF6-416E-B215-074742A5FC63", "href": "https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63", "sourceData": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "wpexploit": [{"lastseen": "2021-11-26T19:29:56", "description": "The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 
8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "wpexploit", "title": "PDF Light Viewer < 1.4.12 - Authenticated Command Injection", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24684"], "modified": "2021-09-20T09:54:34", "id": "WPEX-ID:B5295BF9-8CF6-416E-B215-074742A5FC63", "href": "", "sourceData": "1) Go to Import PDF.\r\n2) Select PDF file.\r\n3) Set compression as 60 | calc | echo\r\n4) Toggle import (the first checkbox)\r\n5) Publish or update\r\n6) Command executes", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}