Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-24966

CWE-73 | 4 documents | 4 sources
Severity: 4.9 MEDIUM
EPSS: 5.7% (top 9.62%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Mar 14
Latest update: Mar 15

Description

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high-privilege users to clear arbitrary files on the web server, including those outside of the blog folder.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-6x4q-qqxj-h82w: The Error Log Viewer WordPress plugin through 1 | 2022-03-15
CVEList: Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing | 2022-03-14

💥 Exploits & PoCs (1)

Exploit-DB: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated) | 2022-02-16
CVE-2021-24966 (MEDIUM CVSS 4.9) | The Error Log Viewer WordPress plug | cvebase.io