From d95dee26ed85ec0af01e566a2b75d2d29406353e Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Wed, 20 Jul 2022 16:43:54 +0530
Subject: [PATCH] Update CVE-2021-24284.yaml
---
 cves/2021/CVE-2021-24284.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cves/2021/CVE-2021-24284.yaml b/cves/2021/CVE-2021-24284.yaml
index 3e73326d9d..bbf0ea1130 100644
--- a/cves/2021/CVE-2021-24284.yaml
+++ b/cves/2021/CVE-2021-24284.yaml
@@ -7,18 +7,18 @@ info:
 description: |
 The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
 reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-24284
- - https://github.com/advisories/GHSA-wqvg-8q49-hjc7
 - https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5
+ - https://github.com/advisories/GHSA-wqvg-8q49-hjc7
 - https://www.wordfence.com/blog/2021/04/psa-remove-kaswara-modern-wpbakery-page-builder-addons-plugin-immediately/
 - https://www.waltermairena.net/en/2021/04/25/0-day-vulnerability-in-the-plugin-kaswara-modern-vc-addons-plugin-what-can-i-do/
 - https://lifeinhex.com/kaswara-exploit-or-how-much-wordfence-cares-about-user-security/
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24284
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2021-24284
 cwe-id: CWE-434
- tags: cve,cve2021,wordpress,wp-plugin,rce
+ tags: cve,cve2021,wordpress,wp-plugin,rce,wp,intrusive,unauth,fileupload
 variables:
 zip_file: "{{to_lower(rand_text_alpha(6))}}"
@@ -66,4 +66,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
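Review bot: Nothing in the `info` block of the first hunk tells an operator what this check leaves on the target or how to act on a positive result, even though the new `intrusive` and `fileupload` tags imply that it writes to the server. The `zip_file` variable suggests the request section (outside this hunk) uploads a randomly named archive, so the description could end with a sentence such as `This template uploads a randomly named archive to wp-content/uploads/kaswara/fonts_icon; remove it after the scan.` A `remediation:` key would also help, for example `remediation: Remove the Kaswara Modern VC Addons plugin, as the Wordfence advisory in the reference list recommends.` The first six lines of the file are not shown, so confirm that no such key already exists there. While editing the description, the context sentence "The supplied zipfile being unzipped ..." would read better as "The supplied zip file is unzipped ...".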