logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

College Publisher Import <= 0.1 - Arbitrary File Upload to RCE

Description

The plugin does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.

The issue has been escalated to WordPress on April 12th, 2021

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

college-publisher-import

No known fix - plugin closed

References

CVE

CVE-2021-24254

URL

https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md

Classification

Type

UPLOAD

CWE

CWE-434

Miscellaneous

Original Researcher

Jin Huang

Submitter

Jin Huang

Submitter website

https://github.com/jinhuang1102

Submitter twitter

JinHWhite412Ash

Verified

Yes

WPVDB ID

bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4

Timeline

Publicly Published

2021-04-11 (about 3 months ago)

Added

2021-04-12 (about 3 months ago)

Last Updated

2021-04-14 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin