CVE-2021-24371

{"id": "CVE-2021-24371", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2021-08-02T11:15:08.590", "references": [{"url": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack."}, {"lang": "es", "value": "La funcionalidad Import del plugin RSVPMaker de WordPress versiones anteriores a 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) toma una entrada de URL y llama a curl sobre ella, sin comprobarla primero para asegurarse de que es una remota. Como resultado, un usuario con altos privilegios podr\u00eda usar esa funcionalidad para escanear la red interna por medio de un ataque SSRF"}], "lastModified": "2024-11-21T05:52:56.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BFB474F8-B7BD-4735-A452-2FC6E4736282", "versionEndExcluding": "8.7.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}