CVE-2022-1939 - OpenCVE

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Allow Svg Files Project	Allow Svg Files

Configuration 1 [-]

cpe:2.3:a:allow_svg_files_project:allow_svg_files:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-06-20T10:26:20

Updated: 2022-06-20T10:26:20

Reserved: 2022-05-30T00:00:00

Link: CVE-2022-1939

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-20T11:15:10.543

Modified: 2022-06-28T18:30:00.583

Link: CVE-2022-1939

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"containers": {"cna": {"affected": [{"product": "Allow svg files", "vendor": "Unknown", "versions": [{"lessThan": "1.1", "status": "affected", "version": "1.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Luan Pedersini"}], "descriptions": [{"lang": "en", "value": "The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-20T10:26:20", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f"}], "source": {"discovery": "EXTERNAL"}, "title": "Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1939", "STATE": "PUBLIC", "TITLE": "Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Allow svg files", "version": {"version_data": [{"version_affected": "<", "version_name": "1.1", "version_value": "1.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Luan Pedersini"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1939", "datePublished": "2022-06-20T10:26:20", "dateReserved": "2022-05-30T00:00:00", "dateUpdated": "2022-06-20T10:26:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:allow_svg_files_project:allow_svg_files:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CA10FC22-0095-41FE-A6E2-035F11B24FE4", "versionEndExcluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to"}, {"lang": "es", "value": "El plugin Allow svg files de WordPress versiones anteriores a 1.1, no comprueba apropiadamente los archivos cargados, lo que podr\u00eda permitir a usuarios muy privilegiados, como el administrador, cargar archivos PHP incluso cuando no est\u00e1n autorizados a hacerlo"}], "id": "CVE-2022-1939", "lastModified": "2022-06-28T18:30:00.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-20T11:15:10.543", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/4d7b62e1-558b-4504-a6e2-78246a8b554f"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "contact@wpscan.com", "type": "Primary"}]}