CVE-2021-24347 - OpenCVE

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Smartypantsplugins	Sp Project \& Document Manager

Configuration 1 [-]

cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html
http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html
https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-06-14T13:37:12

Updated: 2024-08-03T19:28:23.833Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24347

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-14T14:15:08.200

Modified: 2022-11-09T03:54:14.467

Link: CVE-2021-24347

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SP Project & Document Manager", "vendor": "Unknown", "versions": [{"lessThan": "4.22", "status": "affected", "version": "4.22", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Viktor Markopoulos"}], "descriptions": [{"lang": "en", "value": "The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from \"php\" to \"pHP\"."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-178", "description": "CWE-178 Improper Handling of Case Sensitivity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T12:45:43", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "title": "SP Project & Document Manager <2 4.22 - Authenticated Shell Upload", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24347", "STATE": "PUBLIC", "TITLE": "SP Project & Document Manager <2 4.22 - Authenticated Shell Upload"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SP Project & Document Manager", "version": {"version_data": [{"version_affected": "<", "version_name": "4.22", "version_value": "4.22"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Viktor Markopoulos"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from \"php\" to \"pHP\"."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-178 Improper Handling of Case Sensitivity"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"}, {"name": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"}, {"name": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:23.833Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24347", "datePublished": "2021-06-14T13:37:12", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:28:23.833Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smartypantsplugins:sp_project_\\&_document_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "90F6C4EA-89D0-4F40-B1B1-D7A4B395D879", "versionEndExcluding": "4.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from \"php\" to \"pHP\"."}, {"lang": "es", "value": "El plugin SP Project & Document Manager WordPress versiones anteriores a 4.22, permite a usuarios subir archivos, sin embargo, el plugin intenta impedir que archivos php y otros similares que podr\u00edan ser ejecutados en el servidor donde han sido cargados al comprobar la extensi\u00f3n del archivo. Se detect\u00f3 que los archivos php pod\u00edan seguir siendo subidos al cambiar el caso de la extensi\u00f3n del archivo, por ejemplo, de \"php\" a \"pHP\""}], "id": "CVE-2021-24347", "lastModified": "2022-11-09T03:54:14.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-14T14:15:08.200", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-178"}], "source": "contact@wpscan.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-178"}], "source": "nvd@nist.gov", "type": "Secondary"}]}