CVE-2021-24252 - OpenCVE

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wp-eventmanager	Event Banner

Configuration 1 [-]

cpe:2.3:a:wp-eventmanager:event_banner:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md
https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-05-05T18:39:43

Updated: 2024-08-03T19:28:22.564Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24252

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-06T13:15:11.757

Modified: 2022-10-25T19:26:25.357

Link: CVE-2021-24252

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Event Banner", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.3", "status": "affected", "version": "1.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jin Huang"}], "descriptions": [{"lang": "en", "value": "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-05T18:39:43", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"}], "source": {"discovery": "UNKNOWN"}, "title": "Event Banner <= 1.3 - Arbitrary File Upload to RCE", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24252", "STATE": "PUBLIC", "TITLE": "Event Banner <= 1.3 - Arbitrary File Upload to RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Event Banner", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.3", "version_value": "1.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Jin Huang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"}, {"name": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md", "refsource": "MISC", "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:22.564Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24252", "datePublished": "2021-05-05T18:39:43", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:28:22.564Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-eventmanager:event_banner:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E4FC3FEA-DDF9-4E75-A976-377415AE54B4", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"}, {"lang": "es", "value": "El plugin Event Banner WordPress versiones hasta 1.3, no verifica el archivo de imagen cargado, permitiendo que las cuentas de administrador cargar archivos arbitrarios, como .exe, .php u otros ejecutables, conllevando a RCE. Debido a una falta de comprobaci\u00f3n CSRF, el problema tambi\u00e9n puede ser utilizado por medio de dicho vector para lograr el mismo resultado, o por medio de un LFI, ya que faltan las comprobaciones de autorizaci\u00f3n (pero requerir\u00eda WP que sea cargado)"}], "id": "CVE-2021-24252", "lastModified": "2022-10-25T19:26:25.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-06T13:15:11.757", "references": [{"source": "contact@wpscan.com", "tags": ["Broken Link"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "contact@wpscan.com", "type": "Secondary"}]}