CVE-2021-24347 Scanner
Detects 'Unrestricted File Upload' vulnerability in SP Project & Document Manager plugin for WordPress affects v. before 4.22.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Domain, Ipv4
Toolbox
-
The SP Project & Document Manager plugin for WordPress is a tool that allows users to upload files to their website. It's specifically designed to manage documents and projects, creating an efficient workflow for project teams and businesses. The plugin offers various features, such as organizing files according to categories, tagging files, adding notes, and setting permissions. It can be installed on any WordPress site and is easily customizable to suit specific needs.
CVE-2021-24347 is a vulnerability that has been discovered in the SP Project & Document Manager plugin. It is caused by a flaw in the plugin's code that allows users to upload PHP files that can be executed on the server. The vulnerability arises from the plugin's attempts to restrict certain file extensions, and attackers can easily exploit it by changing file extensions' case. As a result, hackers can gain access to the server and potentially steal sensitive information.
This vulnerability can lead to severe consequences for website owners, especially those who run online businesses. Attackers can easily gain access to the website and manipulate the site's content, leading to defacement, data theft, or the installation of malware. Besides, website visitors can also be at risk of cyberattacks if hackers use the site for distributing malicious software. It's crucial to address and resolve the vulnerability as soon as possible to avoid any potential risks.
s4e.io provides a comprehensive platform to help website owners assess their website's security posture accurately. Its pro features allow users to identify and remediate vulnerabilities rapidly, thereby minimizing the risk of cyberattacks. The platform's easy-to-use and intuitive interface helps users navigate through the security measures and remediation process, even without extensive technical knowledge. By subscribing to s4e.io, website owners can safeguard their digital assets and protect themselves and their customers from potential security breaches.
REFERENCES