daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2021/CVE-2021-24499.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-16 15:22:57 -04:00
parent d29eba9e3a
commit 8d050f0296
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2021/CVE-2021-24499.yaml
View File

@ -1,11 +1,10 @@
id: CVE-2021-24499
info:
name: Workreap WordPress theme - unauthenticated RCE
name: WordPress Workeap - Remote Code Execution
author: daffainfo
severity: critical
description: The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed
for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
description: WordPress Workeap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
reference:
- https://github.com/RyouYoo/CVE-2021-24499
- https://nvd.nist.gov/vuln/detail/CVE-2021-24499
@ -49,3 +48,5 @@ requests:
part: body
words:
- "71abe5077dae2754c36d731cc1534d4d"
# Enhanced by mp on 2022/05/16