WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE

Description

The plugin suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

wp-curriculo-vitae

No known fix - plugin closed

References

CVE

CVE-2021-24222

URL

https://github.com/jinhuang1102/CVE-ID-Reports/blob/145fc4e34c9b9799275c8e19d6b02f544c88126b/WP_Curriculo_Free.md

YouTube Video

Classification

Type

UPLOAD

CWE

CWE-434

Miscellaneous

Original Researcher

Jin Huang

Submitter

Jin Huang

Submitter website

https://github.com/jinhuang1102

Submitter twitter

JinHuan70342329

Verified

Yes

WPVDB ID

4d715de6-8595-4da9-808a-04a28e409900

Timeline

Publicly Published

2021-03-26 (about 7 months ago)

Added

2021-03-26 (about 7 months ago)

Last Updated

2021-04-01 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin