cbcvebase.
CVE-2021-30134
published 2022-12-26

CVE-2021-30134: php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to…

PriorityP334medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.26%
66.0th percentile
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.

Affected

7 ranges
VendorProductVersion rangeFixed in
ht_slider_range_for_amazon_affiliates_projectht_slider_range_for_amazon_affiliates< 1.1.61.1.6
php-modcurl>= 0 < 2.3.22.3.2
php_curl_class_projectphp_curl_class< 2.3.22.3.2
ptwoopluginsinvoicing_with_invoicexpress_for_woocommerce< 3.0.33.0.3
qiwiwoo-qiwi-payment-gateway<= 0.0.9
shopello_api_projectshopello_api<= 2.9.0
teamleadeteamleader_crm_forms< 2.1.02.1.0
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.