WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
ID: CVE-2021-24370
Severity: critical
Author: pikpikcu
Tags: cve2021,cve,wordpress,wp,seclists,wpscan,rce,wp-plugin,fancyproduct,radykal
Description
WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.
YAML Source
id: CVE-2021-24370

info:
  name: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
  author: pikpikcu
  severity: critical
  description: |
    WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.
  impact: |
    Attackers can upload malicious files and execute arbitrary code on the target system.
  remediation: |
    Update WordPress Fancy Product Designer plugin to version 4.6.9 or later to fix the vulnerability.
  reference:
    - https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
    - https://wpscan.com/vulnerability/82c52461-1fdc-41e4-9f51-f9dd84962b38
    - https://seclists.org/fulldisclosure/2020/Nov/30
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24370
    - https://www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fancy-product-designer-plugin/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24370
    cwe-id: CWE-434
    epss-score: 0.11015
    epss-percentile: 0.95013
    cpe: cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: radykal
    product: fancy_product_designer
    framework: wordpress
    google-query: inurl:"/wp-content/plugins/fancy-product-designer"
  tags: cve2021,cve,wordpress,wp,seclists,wpscan,rce,wp-plugin,fancyproduct,radykal

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"error":"You need to define a directory'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e2f770f6473f038e215e86f9d2bcd3a742ddeb27fa3f4b9bfdcd49913fb771a00221008b600c8347c098b2a2c55b3a5af9924833bf427f35680619893e26143704533b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the vulnerable plugin endpoint described above. Run it with the Nuclei scanner against a target base URL; the template sends a single unauthenticated GET request and reports a match only when all three matchers (body text, response header, and status code) agree.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24370.yaml"
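As an added illustration (not code from the Nuclei project or this template's author), the following Python reimplements this template's matcher evaluation so you can see how `matchers-condition: and` combines the body, header and status matchers. The `Response` class and the header-flattening approach are assumptions, and the three responses are constructed samples, not captured from any site.

```python
from dataclasses import dataclass

# Matchers copied from the template above. The evaluation code is an
# added illustration of how they combine, not Nuclei's own matcher engine.
TEMPLATE_PATH = "/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php"
MATCHERS = [
    {"type": "word", "part": "body", "words": ['{"error":"You need to define a directory']},
    {"type": "word", "part": "header", "words": ["text/html"]},
    {"type": "status", "status": [200]},
]


@dataclass
class Response:
    """Minimal HTTP response model (assumed for this example)."""
    status: int
    headers: dict
    body: str


def matcher_hits(matcher: dict, resp: Response) -> bool:
    """Evaluate one matcher. Each word matcher here lists a single word,
    so requiring all words is equivalent to Nuclei's default behaviour."""
    if matcher["type"] == "status":
        return resp.status in matcher["status"]
    if matcher["part"] == "body":
        haystack = resp.body
    else:
        # Flatten headers into "Name: value" lines so a substring match
        # over the header block works like a match on the raw header text.
        haystack = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    return all(word in haystack for word in matcher["words"])


def is_vulnerable(resp: Response) -> bool:
    # matchers-condition: and -> every matcher must hit
    return all(matcher_hits(m, resp) for m in MATCHERS)


# Constructed sample responses for the GET to TEMPLATE_PATH.
EXPOSED = Response(200, {"Content-Type": "text/html; charset=UTF-8"},
                   '{"error":"You need to define a directory"}')
ABSENT = Response(404, {"Content-Type": "text/html"}, "Not Found")
# Same body and status, but no text/html header: the and-condition fails.
NO_HTML_HEADER = Response(200, {"Content-Type": "application/json"},
                          '{"error":"You need to define a directory"}')

if __name__ == "__main__":
    for name, r in [("exposed", EXPOSED), ("absent", ABSENT), ("no-html-header", NO_HTML_HEADER)]:
        print(f"{name}: match={is_vulnerable(r)}")
```

Only the first sample satisfies all three matchers; the last shows that a single failing matcher suppresses the finding under the `and` condition.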