admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/24xxx/CVE-2021-24890.json
erwanlr c2432aad77 Adds CVEs
2022-09-26 14:33:59 +02:00

89 lines
2.2 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ID": "CVE-2021-24890",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "scripts-organizer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0",
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7",
"name": "https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7"
},
{
"refsource": "MISC",
"url": "https://dplugins.com/products/scripts-organizer/",
"name": "https://dplugins.com/products/scripts-organizer/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ovidiu Maghetiu"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink