Lucene search
WPScanCVELIST:CVE-2021-24347HistoryJun 14, 2021 - 1:37 p.m.
CVE-2021-24347 SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
2021-06-1413:37:12
CWE-178
WPScan
www.cve.org
6
vulnerability
sp project & document manager
wordpress
file upload
file extension validation
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension’s case, for example, from “php” to “pHP”.
CNA Affected
[
{
"product": "SP Project & Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.22",
"status": "affected",
"version": "4.22",
"versionType": "custom"
}
]
}
]Related
exploitdb
exploitdb
packetstorm
packetstorm
WordPress SP Project And Document Manager 4.21 Shell Upload
2021-07-08 00:00:00
WordPress SP Project And Document Remote Code Execution
2021-07-26 00:00:00
prion
prion
Code injection
2021-06-14 14:15:00
patchstack
patchstack
nuclei
nuclei
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
2023-03-05 13:42:10
cve
cve
CVE-2021-24347
2021-06-14 14:15:08
nvd
nvd
CVE-2021-24347
2021-06-14 14:15:08
wpvulndb
wpvulndb
SP Project & Document Manager < 4.22 - Authenticated Shell Upload
2021-05-25 00:00:00
zdt
zdt
Wordpress SP Project & Document Manager 4.21 Plugin - Remote Code Execution Exploit
2021-07-08 00:00:00
WordPress SP Project And Document Remote Code Execution Exploit
2021-07-26 00:00:00
metasploit
metasploit
wpexploit
wpexploit
SP Project & Document Manager < 4.22 - Authenticated Shell Upload
2021-05-25 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-07-30 18:04:33
checkpoint_advisories
checkpoint_advisories