CVE-2021-24252 - OpenCVE

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wp-eventmanager	Event Banner

Configuration 1 [-]

cpe:2.3:a:wp-eventmanager:event_banner:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md	Broken Link
https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-05-05T18:39:43

Updated: 2021-05-05T18:39:43

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24252

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-05-06T13:15:11.757

Modified: 2022-10-25T19:26:25.357

Link: CVE-2021-24252

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"containers": {"cna": {"affected": [{"product": "Event Banner", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.3", "status": "affected", "version": "1.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jin Huang"}], "descriptions": [{"lang": "en", "value": "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-05T18:39:43", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"}], "source": {"discovery": "UNKNOWN"}, "title": "Event Banner <= 1.3 - Arbitrary File Upload to RCE", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24252", "STATE": "PUBLIC", "TITLE": "Event Banner <= 1.3 - Arbitrary File Upload to RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Event Banner", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.3", "version_value": "1.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Jin Huang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"}, {"name": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md", "refsource": "MISC", "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24252", "datePublished": "2021-05-05T18:39:43", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-05-05T18:39:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-eventmanager:event_banner:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E4FC3FEA-DDF9-4E75-A976-377415AE54B4", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"}, {"lang": "es", "value": "El plugin Event Banner WordPress versiones hasta 1.3, no verifica el archivo de imagen cargado, permitiendo que las cuentas de administrador cargar archivos arbitrarios, como .exe, .php u otros ejecutables, conllevando a RCE. Debido a una falta de comprobaci\u00f3n CSRF, el problema tambi\u00e9n puede ser utilizado por medio de dicho vector para lograr el mismo resultado, o por medio de un LFI, ya que faltan las comprobaciones de autorizaci\u00f3n (pero requerir\u00eda WP que sea cargado)"}], "id": "CVE-2021-24252", "lastModified": "2022-10-25T19:26:25.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-06T13:15:11.757", "references": [{"source": "contact@wpscan.com", "tags": ["Broken Link"], "url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "contact@wpscan.com", "type": "Secondary"}]}