3 matches found
CVE-2021-24248
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE...
CVE-2021-24248
CVE-2021-24248 affects the WordPress plugin Business Directory Plugin – Easy Listing Directories (pre-5.11.1). Affected component is the import mechanism, which did not properly validate imported files: a blacklist approach allowed an archive containing a .php4 file to be uploaded, enabling an au...
CVE-2021-24248 Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE...