daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-24947.yaml

patch-1
Prince Chaddha 2022-02-09 00:55:00 +05:30 committed by GitHub
parent b64401ab02
commit ce903c73f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2021/CVE-2021-24947.yaml
View File

@ -6,7 +6,7 @@ info:
severity: high severity: high
description: The plugin does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server. description: The plugin does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server.
reference: reference:
- https://wpscan.com/vulnerability/cb232354-f74d-48bb-b437-7bdddd1df42a - https://wpscan.com/vulnerability/c6bb12b1-6961-40bd-9110-edfa9ee41a18
- https://nvd.nist.gov/vuln/detail/CVE-2021-24947 - https://nvd.nist.gov/vuln/detail/CVE-2021-24947
classification: classification:
cve-id: CVE-2021-24947 cve-id: CVE-2021-24947