CVE-2021-24490 - OpenCVE

The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Email Artillery Project	Email Artillery

Configuration 1 [-]

cpe:2.3:a:email_artillery_project:email_artillery:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/4ea0127e-afef-41bf-a005-c57432f9f58c

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-13T17:56:16

Updated: 2024-08-03T19:35:19.462Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24490

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-13T18:15:14.353

Modified: 2021-09-23T13:51:21.463

Link: CVE-2021-24490

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Email Artillery (MASS EMAIL)", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "4.1", "status": "affected", "version": "4.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jin Huang"}], "descriptions": [{"lang": "en", "value": "The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-13T17:56:16", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/4ea0127e-afef-41bf-a005-c57432f9f58c"}], "source": {"discovery": "UNKNOWN"}, "title": "Email Artillery <= 4.1 - Arbitrary File Upload", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24490", "STATE": "PUBLIC", "TITLE": "Email Artillery <= 4.1 - Arbitrary File Upload"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Email Artillery (MASS EMAIL)", "version": {"version_data": [{"version_affected": "<=", "version_name": "4.1", "version_value": "4.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Jin Huang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}, {"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/4ea0127e-afef-41bf-a005-c57432f9f58c", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/4ea0127e-afef-41bf-a005-c57432f9f58c"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:19.462Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/4ea0127e-afef-41bf-a005-c57432f9f58c"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24490", "datePublished": "2021-09-13T17:56:16", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:19.462Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:email_artillery_project:email_artillery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BFC5C644-ADFB-4EE1-9BC4-5341468E607A", "versionEndIncluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS"}, {"lang": "es", "value": "El plugin Email Artillery de WordPress (MASS EMAIL) versiones hasta 4.1 no comprueba apropiadamente los archivos subidos desde la funcionalidad Import Emails, permitiendo que sean subidos archivos arbitrarios. Adem\u00e1s, el plugin tambi\u00e9n carece de cualquier comprobaci\u00f3n de tipo CSRF, permitiendo que este problema sea explotado tambi\u00e9n por medio de un ataque de tipo CSRF. Sin embargo, debido a la presencia de un .htaccess, denegando el acceso a todo lo que se presenta en la carpeta a la que es subido el archivo, el archivo malicioso subido s\u00f3lo ser\u00e1 accesible en servidores web como Nginx/IIS"}], "id": "CVE-2021-24490", "lastModified": "2021-09-23T13:51:21.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-13T18:15:14.353", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/4ea0127e-afef-41bf-a005-c57432f9f58c"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-434"}], "source": "contact@wpscan.com", "type": "Primary"}]}