Limited Black Friday Offer:

SP Project & Document Manager < 4.22 - Authenticated Shell Upload CVE-2021-24347 Scanner

SP Project & Document Manager < 4.22 allows Authenticated Shell Upload Vulnerability.

Short Info

Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

SP Project & Document Manager < 4.22 - Authenticated Shell Upload CVE-2021-24347 Scanner Detail

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html
http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html
https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a