Lucene search
WPScanCVELIST:CVE-2021-24472HistoryAug 02, 2021 - 10:32 a.m.
CVE-2021-24472 Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
2021-08-0210:32:13
CWE-918
WPScan
www.cve.org
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.
CNA Affected
[
{
"product": "QT KenthaRadio",
"vendor": "QantumThemes",
"versions": [
{
"lessThan": "2.0.2",
"status": "affected",
"version": "2.0.2",
"versionType": "custom"
}
]
},
{
"product": "OnAir2",
"vendor": "QantumThemes",
"versions": [
{
"lessThan": "3.9.9.2",
"status": "affected",
"version": "3.9.9.2",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
2021-06-28 00:00:00
nvd
nvd
CVE-2021-24472
2021-08-02 11:15:10
cve
cve
CVE-2021-24472
2021-08-02 11:15:10
nuclei
nuclei
wpexploit
wpexploit
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
2021-06-28 00:00:00
prion
prion
Server side request forgery (ssrf)
2021-08-02 11:15:00