Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-03-18T14:57:47
Updated: 2021-03-18T14:57:47
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24123
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-18T15:15:13.573
Modified: 2021-03-23T18:27:19.407
Link: CVE-2021-24123
JSON object: View
Redhat Information
No data.
CWE