Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-03-18T14:57:50

Updated: 2024-08-03T19:21:18.213Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24145

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-18T15:15:15.400

Modified: 2024-11-21T05:52:27.740

Link: CVE-2021-24145

cve-icon Redhat

No data.