Executive Summary

Information

Name: CVE-2021-24385
Vendor: Cve
First vendor publication: 2021-07-12
Last vendor modification: 2024-11-21

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Overall CVSS score: 9.8
Base score: 9.8
Environmental score: 9.8
Temporal score: 9.8
Impact sub score: 5.9
Exploitability sub score: 3.9

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality impact: High
Integrity impact: High
Availability impact: High

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10

Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability because it makes SQL queries without escaping user input taken from an HTTP POST request. This is a major vulnerability: the user input is not escaped and is passed directly to the get_col function, which allows SQL injection. The REST API endpoint that invokes this function also requires no permissions or authentication and can be reached by an anonymous user.
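As an added illustration of the bug class the description names (not Filebird's code and not taken from the linked advisories), a WordPress REST route whose callback concatenates a POST field into a query handed to $wpdb->get_col(), shown beside a hardened version that adds a permission_callback, typed argument validation and a $wpdb->prepare() placeholder query; the route name, table name and the folder_id parameter are assumptions.

```php
<?php
// Hypothetical WordPress plugin code illustrating the bug class described
// above. Route name, table name and the "folder_id" parameter are assumed;
// this is not Filebird's code.

// Vulnerable pattern: no permission_callback (anonymous access) and the raw
// POST value is concatenated straight into SQL before $wpdb->get_col().
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/folder-files', array(
        'methods'  => 'POST',
        'callback' => function ( WP_REST_Request $request ) {
            global $wpdb;
            $folder_id = $request->get_param( 'folder_id' );
            $sql = "SELECT attachment_id FROM {$wpdb->prefix}example_attachment_folder "
                 . "WHERE folder_id = " . $folder_id; // unescaped user input
            return $wpdb->get_col( $sql );
        },
        // missing: 'permission_callback' => ...
    ) );
} );

// Hardened pattern: same route with an explicit capability check, a typed
// argument so non-integer input is rejected before the callback runs, and a
// placeholder query built with $wpdb->prepare().
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/folder-files-safe', array(
        'methods'             => 'POST',
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
        'args' => array(
            'folder_id' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
            ),
        ),
        'callback' => function ( WP_REST_Request $request ) {
            global $wpdb;
            $sql = $wpdb->prepare(
                "SELECT attachment_id FROM {$wpdb->prefix}example_attachment_folder WHERE folder_id = %d",
                (int) $request->get_param( 'folder_id' )
            );
            return $wpdb->get_col( $sql );
        },
    ) );
} );
```

The hardened route fails closed on two independent layers: unauthenticated callers never reach the callback, and the query text no longer depends on the request value at all.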

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24385

CPE : Common Platform Enumeration

Type: Application (count: 1)

Sources (Detail)

https://10up.com/blog/2021/security-vulnerability-filebird-wordpress-plugin/
https://wpscan.com/vulnerability/754ac750-0262-4f65-b23e-d5523995fbfa

Alert History

Date and information
2024-11-28 13:53:39
  • Multiple Updates
2021-07-15 21:23:09
  • Multiple Updates
2021-07-14 01:41:34
  • Multiple Updates
2021-07-14 01:40:47
  • Multiple Updates
2021-07-13 17:22:50
  • Multiple Updates
2021-07-13 00:22:47
  • First insertion