OpenCVE

php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ht Slider Range For Amazon Affiliates Project	Ht Slider Range For Amazon Affiliates
Php Curl Class Project	Php Curl Class
Ptwooplugins	Invoicing With Invoicexpress For Woocommerce
Qiwi	Woo-qiwi-payment-gateway
Shopello Api Project	Shopello Api
Teamleade	Teamleader Crm Forms

Configuration 1 [-]

cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates:*:*:*:*:*:wordpress:*:*

Configuration 3 [-]

cpe:2.3:a:qiwi:woo-qiwi-payment-gateway:*:*:*:*:*:wordpress:*:*

Configuration 4 [-]

cpe:2.3:a:teamleade:teamleader_crm_forms:*:*:*:*:*:wordpress:*:*

Configuration 5 [-]

cpe:2.3:a:ptwooplugins:invoicing_with_invoicexpress_for_woocommerce:*:*:*:*:*:wordpress:*:*

Configuration 6 [-]

cpe:2.3:a:shopello_api_project:shopello_api:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-26T00:00:00

Updated: 2024-08-03T22:24:59.641Z

Reserved: 2021-04-05T00:00:00

Link: CVE-2021-30134

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-26T07:15:11.310

Modified: 2024-11-21T06:03:22.483

Link: CVE-2021-30134

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BC26360-FD11-4699-BF8C-BECE1947F9B3", "versionEndExcluding": "2.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C31340B1-37C0-45BE-8580-3F1ED2891E23", "versionEndExcluding": "1.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qiwi:woo-qiwi-payment-gateway:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A3091481-E7AD-4AF5-8583-54D6C18F65DB", "versionEndIncluding": "0.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teamleade:teamleader_crm_forms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7DB49959-CE75-43DA-80CF-382504642ADA", "versionEndExcluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ptwooplugins:invoicing_with_invoicexpress_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5079EA20-647A-42DB-A58E-6002D4A05CBF", "versionEndExcluding": "3.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shopello_api_project:shopello_api:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "322AB206-8FC7-40A8-80F6-98F24BCC9232", "versionEndIncluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php."}, {"lang": "es", "value": "php-mod/curl (un contenedor de la extensi\u00f3n PHP cURL) anterior a 2.3.2 permite XSS a trav\u00e9s del par\u00e1metro clave post_file_path_upload.php y los datos POST en post_multidimensional.php."}], "id": "CVE-2021-30134", "lastModified": "2024-11-21T06:03:22.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-26T07:15:11.310", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}