Published: 14/06/2021 Updated: 09/11/2022

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Subscribe to Sp Project \& Document Manager

The SP Project & Document Manager WordPress plugin prior to 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It exists that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

Vulnerable Product	Search on Vulmon	Subscribe to Product
smartypantsplugins sp project \\& document manager

WordPress SP Project and Document Manager plugin version 421 suffers from a remote shell upload vulnerability ...

CWE-178 https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-24347

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect