CVE-2021-24223
Published Apr 12, 2021
Last updated 4 years ago
Overview
- Description
- The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial.
- Source
- contact@wpscan.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- contact@wpscan.com
- CWE-434
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:n5_upload_form_project:n5_upload_form:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4574B2B6-93D5-42AB-8F4C-7CECAE38FA74", "versionEndIncluding": "1.0" } ], "operator": "OR" } ] } ]