CVE-2021-24145
Description
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
NVD
Severity: HIGH
CVE ID: CVE-2021-24145
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-24145
Refrence: Project Discovery GitHub
dnr6419
WordPress File Upload Vulnerability, Modern Events Calendar Lite WordPress plugin before 5.16.5
Refrence: GitHub