Enhancement: cves/2021/CVE-2021-24155.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-21 17:17:21 -04:00
parent 72a20bcce6
commit ad097ced6b
1 changed files with 2 additions and 2 deletions

@ -5,12 +5,12 @@ info:
author: theamanrawat
severity: high
description: |
WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to RCE.
WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution.
reference:
- https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
- https://wordpress.org/plugins/backup/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24155
remediation: Fixed in version 1.6.0
remediation: Fixed in version 1.6.0.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
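
Review bot: the updated remediation line, `remediation: Fixed in version 1.6.0.`, only gains a trailing period and still says where the fix landed rather than what an operator should do. Consider phrasing it as an action that names the plugin, for example "Update the WordPress Backup Guard plugin to version 1.6.0 or later." Expanding "RCE" to "remote code execution" in the description is fine; the phrase "in SGBP format and extension" in that same sentence is still awkward and could be tightened in the same pass.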