Enhancement: cves/2021/CVE-2021-24146.yaml by mp
parent
a459e577c3
commit
eeb59a3257
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2021-24146
|
||||
|
||||
info:
|
||||
name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
|
||||
name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
|
||||
author: random_robbie
|
||||
severity: high
|
||||
description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
|
||||
description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
|
||||
- http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24146
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/22
|
||||
|
|
Loading…
Reference in New Issue