CVE-2021-24549 - OpenCVE

The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aceide Project	Aceide

Configuration 1 [-]

cpe:2.3:a:aceide_project:aceide:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://codevigilant.com/disclosure/2021/wp-plugin-aceide/
https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-08-23T11:10:03

Updated: 2024-08-03T19:35:20.123Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24549

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-23T12:15:09.567

Modified: 2021-08-26T19:23:58.927

Link: CVE-2021-24549

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "AceIDE", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "2.6.2", "status": "affected", "version": "2.6.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Shreya Pohekar of Codevigilant Project"}], "descriptions": [{"lang": "en", "value": "The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-23T11:10:03", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a"}, {"tags": ["x_refsource_MISC"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-aceide/"}], "source": {"discovery": "UNKNOWN"}, "title": "AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24549", "STATE": "PUBLIC", "TITLE": "AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AceIDE", "version": {"version_data": [{"version_affected": "<=", "version_name": "2.6.2", "version_value": "2.6.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Shreya Pohekar of Codevigilant Project"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a"}, {"name": "https://codevigilant.com/disclosure/2021/wp-plugin-aceide/", "refsource": "MISC", "url": "https://codevigilant.com/disclosure/2021/wp-plugin-aceide/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.123Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-aceide/"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24549", "datePublished": "2021-08-23T11:10:03", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.123Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aceide_project:aceide:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E62E3E51-92FA-4E2F-A2B5-B3D2140B8507", "versionEndIncluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack."}, {"lang": "es", "value": "El plugin AceIDE WordPress versiones hasta 2.6.2, no sanea ni comprueba la entrada del usuario que se anexa a las rutas del sistema antes de usarla en varias acciones, como la lectura de archivos arbitrarios desde el servidor. Esto permite a usuarios con altos privilegios, como el administrador, acceder a cualquier archivo en el servidor web fuera del directorio del blog por medio de un ataque de salto de ruta."}], "id": "CVE-2021-24549", "lastModified": "2021-08-26T19:23:58.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-23T12:15:09.567", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-aceide/"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "contact@wpscan.com", "type": "Primary"}]}