PT-2026-41344 · WordPress · Wp Super Edit
H4Shur · Published 2026-05-15 · Updated 2026-05-17
CVE-2021-47965
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WP Super Edit versions 2.5.4 and earlier
Description
The FCKeditor component contains an unrestricted file upload flaw. Attackers can upload arbitrary and dangerous file types without validation through the 'filemanager upload' endpoint, which can lead to remote code execution and complete system compromise.
Recommendations
Update to a version later than 2.5.4.
As a temporary workaround, restrict access to the 'filemanager upload' endpoint to minimize the risk of exploitation.
Exploit
Fix
RCE
Unrestricted File Upload
Affected Products
Wp Super Edit