CVE-2021-24146 PoC — Wordpress Modern Events Calendar Lite 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-24146.yaml

Associated Vulnerability

Title:Wordpress Modern Events Calendar Lite 访问控制错误漏洞 (CVE-2021-24146)
Description:Wordpress Modern Events Calendar Lite是（Wordpress）开源的一个应用插件。该插件用于管理事件网站的最佳工具。 WordPress Modern Events Calendar Lite plugin before 5.16.5 存在访问控制错误漏洞，该漏洞源于没有适当地限制对导出文件的访问。

Description

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.

File Snapshot


 id: CVE-2021-24146

info:
  name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Informat

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!