CVE-2021-24224

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md	Exploit Third Party Advisory
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484	Third Party Advisory
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md	Exploit Third Party Advisory
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:easy-form-builder-by-bitware_project:easy-form-builder-by-bitware:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-04-12 14:15

Updated : 2024-11-21 05:52

NVD link : CVE-2021-24224

Mitre link : CVE-2021-24224

CVE.ORG link : CVE-2021-24224

JSON object : View

Products Affected

easy-form-builder-by-bitware_project

easy-form-builder-by-bitware

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2021-24224", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-04-12T14:15:15.773", "references": [{"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484", "tags": ["Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE."}, {"lang": "es", "value": "La acci\u00f3n AJAX EFBP_verify_upload_file del plugin Easy Form Builder WordPress versiones hasta 1.0, disponible para usuarios autenticados, no presenta ninguna seguridad para verificar los archivos cargados, permitiendo a usuarios poco privilegiados cargar archivos arbitrarios, conllevando a una vulnerabilidad de RCE"}], "lastModified": "2024-11-21T05:52:37.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:easy-form-builder-by-bitware_project:easy-form-builder-by-bitware:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "73FE31DC-C7F1-4728-883F-C8ED50EC7600", "versionEndIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}