Ver todas as ameaças

CVE-2021-24347

Alvo: Não informado

Descrição

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension’s case, for example, from “php” to “pHP”.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24347
Tags
Nâo informado
Data de publicação
14/06/2021
Última atualização
08/12/2024
Pontuação em CVSS 3.0
8.8
Alto
Rolar para cima