.. / CVE-2021-24347

Exploit for WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload (CVE-2021-24347)

Description:

WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still be uploaded by changing the file extension’s case, for example, from php to pHP.

Nuclei Template

View the template here CVE-2021-24347.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24347.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-24347
https://github.com/Hacker5preme/Exploits
http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html
https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
https://wordpress.org/plugins/sp-client-document-manager/

.. / CVE-2021-24347 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload (CVE-2021-24347)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24347