Published: 18/03/2021 Updated: 03/12/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions prior to 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webnus modern events calendar lite

WordPress Modern Events Calendar plugin version 5162 suffers from a remote shell upload vulnerability ...

WordPress File Upload Vulnerability, Modern Events Calendar Lite WordPress plugin before 5.16.5

CVE-2021-24145 WordPress File Upload Vulnerability, Modern Events Calendar Lite WordPress plugin before 5165 nvdnistgov/vuln/detail/CVE-2021-24145 설치 및 실행 순서 1 WordPress 설치 설치를 진행할 때, docker-composeyml 파일에서 포트포워딩을 진행해주시기 바랍니다 $ docker-compose up 2 WordPress initial & Plugin instal

CWE-434 https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html http://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/dnr6419/CVE-2021-24145 https://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html

CVE-2021-24145

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect