CVE-2021-24254

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:college_publisher_import_project:college_publisher_import:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-05-06 13:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-24254

Mitre link : CVE-2021-24254

CVE.ORG link : CVE-2021-24254


JSON object : View

Products Affected

college_publisher_import_project

  • college_publisher_import
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type