CVE-2021-24145
Published Mar 18, 2021
Last updated 3 years ago
Overview
- Description
- Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
- Source
- contact@wpscan.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "BD00028C-3D21-47D5-BC22-73761A049EFB",
"versionEndExcluding": "5.16.5"
}
],
"operator": "OR"
}
]
}
]