admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/24xxx/CVE-2021-24472.json
erwanlr 16600485fc Adds WPScan CVEs
2021-08-02 09:07:08 +02:00

88 lines
2.3 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ID": "CVE-2021-24472",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QantumThemes",
"product": {
"product_data": [
{
"product_name": "QT KenthaRadio",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.2",
"version_value": "2.0.2"
}
]
}
},
{
"product_name": "OnAir2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.9.9.2",
"version_value": "3.9.9.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a",
"name": "https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Andreas Klöbl"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink