WooCommerce Upload Files < 59.4 – Unauthenticated Arbitrary File Upload | CVE 2021-24171 | Plugin Vulnerabilities

Description

The plugin ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.

Affects Plugins

woocommerce-upload-files

Fixed in 59.4

References

CVE

URL

https://www.wordfence.com/blog/2021/03/critical-vulnerability-patched-in-woocommerce-upload-files/

Classification

Type

RCE

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter

Verified

Yes

WPVDB ID

ed4288a1-f7e4-455f-b765-5ac343f87194

Timeline

Publicly Published

2021-03-04 (about 3 years ago)

Added

2021-03-04 (about 3 years ago)

Last Updated

2021-04-03 (about 3 years ago)

Other

Published

Title

Published

2024-03-24

Title

WP Crontrol < 1.16.2 - Remote Code Execution

Published

2024-05-01

Title

Booster for WooCommerce < 7.1.9 - Unauthenticated Arbitrary Shortcode Execution

Published

2014-08-01

Title

Archin 3.2 - hades_framework/option_panel/ajax.php Configuration Option Manipulation

Published

2014-09-27

Title

DZS Video Gallery Plugin - RCE & More

Published

2020-01-21

Title

AccessAlly < 3.3.2 - Unauthenticated Arbitrary PHP Code Execution