CVE-2021-24347

CVE-2021-24347: SP Project & Document Manager <2 4.22 - Authenticated Shell Upload

Vendor Unknown
Product SP Project & Document Manager
Weakness CWE-178
Published June 14, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

Key dates

02Disclosure timeline

June 14, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE