cnvd - cnvd-2022-71438

cnvd-2022-71438

Vulnerability from cnvd

Title: WordPress SP Project & Document Manager plugin文件上传漏洞

Description:

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。

WordPress SP Project & Document Manager plugin 4.24之前版本存在文件上传漏洞，该漏洞源于在Windows服务器上，安全检查不足。攻击者可利用该漏洞允许任何经过身份验证的用户（例如订阅者）上传文件。

Severity: 中

Patch Name: WordPress SP Project & Document Manager plugin文件上传漏洞的补丁

Patch Description:

WordPress SP Project & Document Manager plugin 4.24之前版本存在文件上传漏洞，该漏洞源于在Windows服务器上，安全检查不足。攻击者可利用该漏洞允许任何经过身份验证的用户（例如订阅者）上传文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-4225

Impacted products

Name
WordPress1 SP Project & Document Manager Plugin <4.24

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-4225",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-4225"
    }
  },
  "description": "WordPress\u548cWordPress plugin\u90fd\u662fWordPress\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress SP Project \u0026 Document Manager plugin 4.24\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Windows\u670d\u52a1\u5668\u4e0a\uff0c\u5b89\u5168\u68c0\u67e5\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5141\u8bb8\u4efb\u4f55\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\uff08\u4f8b\u5982\u8ba2\u9605\u8005\uff09\u4e0a\u4f20\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-71438",
  "openTime": "2022-10-26",
  "patchDescription": "WordPress\u548cWordPress plugin\u90fd\u662fWordPress\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\r\n\r\nWordPress SP Project \u0026 Document Manager plugin 4.24\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Windows\u670d\u52a1\u5668\u4e0a\uff0c\u5b89\u5168\u68c0\u67e5\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5141\u8bb8\u4efb\u4f55\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\uff08\u4f8b\u5982\u8ba2\u9605\u8005\uff09\u4e0a\u4f20\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress SP Project \u0026 Document Manager plugin\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress1 SP Project \u0026 Document Manager Plugin \u003c4.24"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-4225",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-27",
  "title": "WordPress SP Project \u0026 Document Manager plugin\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2021-4225 (GCVE-0-2021-4225)

Vulnerability from cvelistv5

Published

2022-04-25 15:50

Modified

2024-08-03 17:16

Severity ?

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Summary

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.

References

▼	URL	Tags
	https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd	x_refsource_MISC
	https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Unknown	SP Project & Document Manager	Version: 4.24 < 4.24

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SP Project \u0026 Document Manager",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.24",
              "status": "affected",
              "version": "4.24",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "pang0lin @webray.com.cn inc"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SP Project \u0026 Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-25T15:50:53",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SP Project \u0026 Document Manager \u003c 4.24 - Subscriber+ Shell Upload",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-4225",
          "STATE": "PUBLIC",
          "TITLE": "SP Project \u0026 Document Manager \u003c 4.24 - Subscriber+ Shell Upload"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SP Project \u0026 Document Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.24",
                            "version_value": "4.24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "pang0lin @webray.com.cn inc"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SP Project \u0026 Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd"
            },
            {
              "name": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md",
              "refsource": "MISC",
              "url": "https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-4225",
    "datePublished": "2022-04-25T15:50:53",
    "dateReserved": "2022-03-31T00:00:00",
    "dateUpdated": "2024-08-03T17:16:04.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted