CVE-2021-39352

Type: Unrestricted Upload of File with Dangerous Type
Severity: Medium
Publication date: 10/21/2021
Last modified: 01/05/2022
Description
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
Impact
Access Vector: Network
Access Complexity: Low
Authentication: Requires a single instance of authentication to exploit
Impact Type: Partial impact on system integrity + Partial impact on system confidentiality + Partial impact on system availability
Vulnerable software and versions
  • cpe:2.3:a:catchplugins:catch_themes_demo_import:*:*:*:*:*:wordpress:*:*