CVE-2021-24145 PoC — Wordpress Modern Events Calendar Lite 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-24145.yaml

Associated Vulnerability

Title:Wordpress Modern Events Calendar Lite 代码问题漏洞 (CVE-2021-24145)
Description:Wordpress Modern Events Calendar Lite是（Wordpress）开源的一个应用插件。该插件用于管理事件网站的最佳工具。 WordPress Modern Events Calendar Lite plugin before 5.16.5 存在代码问题漏洞，该漏洞源于任意上传文件都没有正确检查导入的文件。

Description

WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-type in the request. This can possibly lead to remote code execution.

File Snapshot


 id: CVE-2021-24145

info:
  name: WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!