CVE-2021-34639
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| W3 Eden, Inc. | WordPress Download Manager | 3.1.24 <= 3.1.24 | affected |
Weaknesses
- CWE-646: CWE-646 Reliance on File Name or Extension of Externally-Supplied File
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.