CVE-2022-1551 – SP Project & Document Manager < 4.58 - Sensitive File Disclosure
https://notcve.org/view.php?id=CVE-2022-1551
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. El plugin SP Project & Document Manager de WordPress versiones hasta 4.57, usa una ruta fácilmente adivinable para almacenar los archivos de usuarios, unos malos actores podrían usarlo para acceder a los archivos confidenciales de otros usuarios The SP Project & Document Manager WordPress plugin through 4.57 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. • https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVE-2021-38324 – SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-38324
The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3. El plugin SP Rental Manager de WordPress, es vulnerable a una inyección SQL por medio del parámetro orderby encontrado en el archivo ~/user/shortcodes.php que permite a atacantes recuperar información contenida en la base de datos de un sitio, en versiones hasta 1.5.3 incluyéndola • https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-38315 – SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38315
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25. El plugin SP Project & Document Manager WordPress es vulnerable al Cross-Site Scripting Reflejado basado en atributos por medio de los parámetros from y to en el archivo ~/functions.php que permite a atacantes inyectar scripts web arbitrario, en versiones hasta 4.25 incluyéndola. • https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/functions.php?rev=2566007#L1186 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-4225 – SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload
https://notcve.org/view.php?id=CVE-2021-4225
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. El plugin SP Project & Document Manager de WordPress versiones anteriores a 4.24, permite a cualquier usuario autenticado, como los suscriptores, subir archivos. El plugin intenta evitar que sean subidos archivos PHP y otros similares que podrían ejecutarse en el servidor, comprobando la extensión del archivo. • https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-24347 – SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
https://notcve.org/view.php?id=CVE-2021-24347
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP". El plugin SP Project & Document Manager WordPress versiones anteriores a 4.22, permite a usuarios subir archivos, sin embargo, el plugin intenta impedir que archivos php y otros similares que podrían ser ejecutados en el servidor donde han sido cargados al comprobar la extensión del archivo. Se detectó que los archivos php podían seguir siendo subidos al cambiar el caso de la extensión del archivo, por ejemplo, de "php" a "pHP" WordPress SP Project and Document Manager plugin version 4.21 suffers from a remote shell upload vulnerability. • http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a - • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-178: Improper Handling of Case Sensitivity •