CVE-2021-4225 Information

Description

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users such as subscribers to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers the security checks in place were insufficient enabling bad actors to potentially upload backdoors on vulnerable sites.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8