Lucene search
WPScanCVELIST:CVE-2021-4225HistoryApr 25, 2022 - 3:50 p.m.
CVE-2021-4225 SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload
2022-04-2515:50:53
CWE-434
WPScan
www.cve.org
2
cve-2021-4225; wordpress plugin; file upload; security checks; windows servers; backdoors; vulnerable sites
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
CNA Affected
[
{
"product": "SP Project & Document Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.24",
"status": "affected",
"version": "4.24",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-4225
2022-04-25 16:16:07
cnvd
cnvd
WordPress SP Project
2022-04-27 00:00:00
cve
cve
CVE-2021-4225
2022-04-25 16:16:07
prion
prion
Design/Logic Flaw
2022-04-25 16:16:00