{ "id": "CVE-2021-25082", "sourceIdentifier": "contact@wpscan.com", "published": "2022-02-21T11:15:08.757", "lastModified": "2024-11-21T05:54:18.970", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR" }, { "lang": "es", "value": "El plugin Popup Builder de WordPress versiones anteriores a 4.0.7, no comprueba ni sanea el par\u00e1metro sgpb_type antes de usarlo en una sentencia require, lo que conlleva un problema de inclusi\u00f3n de archivos locales. Adem\u00e1s, dado que el comienzo de la cadena puede ser controlado, el problema puede conllevar a una vulnerabilidad RCE por medio de wrappers como PHAR" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "contact@wpscan.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "4.0.7", "matchCriteriaId": "4D698325-F34E-4DA6-A031-6B0814E68705" } ] } ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2659117", "source": "contact@wpscan.com", "tags": [ "Release Notes", "Third Party Advisory" ] }, { "url": "https://wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132", "source": "contact@wpscan.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2659117", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ] }, { "url": "https://wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] } ] }