QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24222

Published: Apr 12, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.

Vendor	Product	Versions
Unknown	WP-Curriculo Vitae Free	affected `6.3 - <= 6.3`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/4d715de6-8595-4da9-808a-04a28e409900

x_refsource_CONFIRM

https://github.com/jinhuang1102/CVE-ID-Reports/blob/145fc4e34c9b9799275c8e19d6b02f544c88126b/WP_Curriculo_Free.md

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.