CVE-2021-24223 - OpenCVE

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
N5 Upload Form Project	N5 Upload Form

Configuration 1 [-]

cpe:2.3:a:n5_upload_form_project:n5_upload_form:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md
https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-04-12T14:04:01

Updated: 2024-08-03T19:21:18.787Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24223

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-12T14:15:15.697

Modified: 2021-04-20T00:58:25.270

Link: CVE-2021-24223

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "N5 Upload Form", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jin Huang"}], "descriptions": [{"lang": "en", "value": "The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-12T14:04:01", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md"}], "source": {"discovery": "UNKNOWN"}, "title": "N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24223", "STATE": "PUBLIC", "TITLE": "N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "N5 Upload Form", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.0", "version_value": "1.0"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Jin Huang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db"}, {"name": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md", "refsource": "MISC", "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:21:18.787Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24223", "datePublished": "2021-04-12T14:04:01", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:21:18.787Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:n5_upload_form_project:n5_upload_form:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4574B2B6-93D5-42AB-8F4C-7CECAE38FA74", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial."}, {"lang": "es", "value": "El plugin N5 Upload Form WordPress versiones hasta 1.0, sufre un problema de carga de archivos arbitrario en la p\u00e1gina donde es insertado un Formulario del plugin, ya que cualquier archivo puede ser cargado. El nombre del archivo cargado puede ser dif\u00edcil de adivinar ya que se genera con md5 (uniqid (rand())), sin embargo, en el caso de servidores configurados inapropiadamente con la lista de Directorios habilitada, acceder a \u00e9l es trivial"}], "id": "CVE-2021-24223", "lastModified": "2021-04-20T00:58:25.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-12T14:15:15.697", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "contact@wpscan.com", "type": "Primary"}]}