CVE-2021-4225

Published: Apr 25, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.

Affected (1)

Products: Smartypantsplugins: Sp Project & Document Manager

Smartypantsplugins

1 product

Sp Project & Document Manager

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Smartypantsplugins Sp Project & Document Manager	Before 4.24

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd

Source: contact@wpscan.com

ExploitThird Party Advisory

https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.