Vulnerabilities > CVE-2021-24223 - Unspecified vulnerability in N5 Upload Form Project N5 Upload Form

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

n5-upload-form-project

critical

NVD

Published: 2021-04-12

Updated: 2024-11-21

Summary

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial.

Vulnerable Configurations

Part	Description	Count
Application	N5_Upload_Form_Project N5 Upload Form Project N5 Upload Form *	1

References

https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md
https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md
https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db
https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db