Reliance on File Name or Extension of Externally-Supplied File

CVE-2021-34639

High

7.5/10

Summary

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-646 - Reliance on File Name or Extension of Externally-Supplied File

The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.

References

Advisory Timeline

Published Aug 05, 2021

Reliance on File Name or Extension of Externally-Supplied File

CVE-2021-34639

Summary

CWE-646 - Reliance on File Name or Extension of Externally-Supplied File

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS