CVE-2021-30134 - Vulnerability Details

Vendors	Products
Ht Slider Range For Amazon Affiliates Project	Ht Slider Range For Amazon Affiliates
Php Curl Class Project	Php Curl Class
Ptwooplugins	Invoicing With Invoicexpress For Woocommerce
Qiwi	Woo-qiwi-payment-gateway
Shopello Api Project	Shopello Api
Teamleade	Teamleader Crm Forms

Link	Providers
https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-30134", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T22:24:59.641Z", "dateReserved": "2021-04-05T00:00:00", "datePublished": "2022-12-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-26T00:00:00"}, "descriptions": [{"lang": "en", "value": "php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:24:59.641Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2021-30134 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-08-03T22:24:59.641Z (string)

dateReserved : 2021-04-05T00:00:00 (string)

datePublished : 2022-12-26T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2022-12-26T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T22:24:59.641Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BC26360-FD11-4699-BF8C-BECE1947F9B3", "versionEndExcluding": "2.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C31340B1-37C0-45BE-8580-3F1ED2891E23", "versionEndExcluding": "1.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qiwi:woo-qiwi-payment-gateway:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A3091481-E7AD-4AF5-8583-54D6C18F65DB", "versionEndIncluding": "0.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teamleade:teamleader_crm_forms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7DB49959-CE75-43DA-80CF-382504642ADA", "versionEndExcluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ptwooplugins:invoicing_with_invoicexpress_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5079EA20-647A-42DB-A58E-6002D4A05CBF", "versionEndExcluding": "3.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shopello_api_project:shopello_api:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "322AB206-8FC7-40A8-80F6-98F24BCC9232", "versionEndIncluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php."}, {"lang": "es", "value": "php-mod/curl (un contenedor de la extensi\u00f3n PHP cURL) anterior a 2.3.2 permite XSS a trav\u00e9s del par\u00e1metro clave post_file_path_upload.php y los datos POST en post_multidimensional.php."}], "id": "CVE-2021-30134", "lastModified": "2024-11-21T06:03:22.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-26T07:15:11.310", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1BC26360-FD11-4699-BF8C-BECE1947F9B3 (string)

versionEndExcluding : 2.3.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : C31340B1-37C0-45BE-8580-3F1ED2891E23 (string)

versionEndExcluding : 1.1.6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:qiwi:woo-qiwi-payment-gateway:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : A3091481-E7AD-4AF5-8583-54D6C18F65DB (string)

versionEndIncluding : 0.0.9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:teamleade:teamleader_crm_forms:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : 7DB49959-CE75-43DA-80CF-382504642ADA (string)

versionEndExcluding : 2.1.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ptwooplugins:invoicing_with_invoicexpress_for_woocommerce:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : 5079EA20-647A-42DB-A58E-6002D4A05CBF (string)

versionEndExcluding : 3.0.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:shopello_api_project:shopello_api:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : 322AB206-8FC7-40A8-80F6-98F24BCC9232 (string)

versionEndIncluding : 2.9.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. (string)

}

1 : { »

lang : es (string)

value : php-mod/curl (un contenedor de la extensión PHP cURL) anterior a 2.3.2 permite XSS a través del parámetro clave post_file_path_upload.php y los datos POST en post_multidimensional.php. (string)

}

]

id : CVE-2021-30134 (string)

lastModified : 2024-11-21T06:03:22.483 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-12-26T07:15:11.310 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object