Lucene search
+L

4 matches found

Circl
Circl
added 2023/04/27 9:58 a.m.13 views

CVE-2021-24236

creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24236.yaml...

9.8CVSS6.8AI score0.0714EPSS
Exploits2References1
NVD
NVD
added 2021/05/06 1:15 p.m.25 views

CVE-2021-24236

The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename...

9.8CVSS0.0714EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/04/08 12:0 a.m.25 views

Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE

The Imagements WordPress plugin, versions = 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...

7.5CVSS3.9AI score0.0714EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/04/08 12:0 a.m.159 views

Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE

The Imagements WordPress plugin, versions = 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...

7.5CVSS1.6AI score0.0714EPSS
Exploits2References1
Rows per page
Query Builder