CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1551 – SP Project & Document Manager < 4.58 - Sensitive File Disclosure
https://notcve.org/view.php?id=CVE-2022-1551
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. El plugin SP Project & Document Manager de WordPress versiones hasta 4.57, usa una ruta fácilmente adivinable para almacenar los archivos de usuarios, unos malos actores podrían usarlo para acceder a los archivos confidenciales de otros usuarios The SP Project & Document Manager WordPress plugin through 4.57 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. • https://wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38315 – SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38315
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25. El plugin SP Project & Document Manager WordPress es vulnerable al Cross-Site Scripting Reflejado basado en atributos por medio de los parámetros from y to en el archivo ~/functions.php que permite a atacantes inyectar scripts web arbitrario, en versiones hasta 4.25 incluyéndola. • https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/functions.php?rev=2566007#L1186 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2021-4225 – SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload
https://notcve.org/view.php?id=CVE-2021-4225
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. El plugin SP Project & Document Manager de WordPress versiones anteriores a 4.24, permite a cualquier usuario autenticado, como los suscriptores, subir archivos. El plugin intenta evitar que sean subidos archivos PHP y otros similares que podrían ejecutarse en el servidor, comprobando la extensión del archivo. • https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.md https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bd • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 97%CPEs: 1EXPL: 4CVE-2021-24347 – SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
https://notcve.org/view.php?id=CVE-2021-24347
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP". El plugin SP Project & Document Manager WordPress versiones anteriores a 4.22, permite a usuarios subir archivos, sin embargo, el plugin intenta impedir que archivos php y otros similares que podrían ser ejecutados en el servidor donde han sido cargados al comprobar la extensión del archivo. Se detectó que los archivos php podían seguir siendo subidos al cambiar el caso de la extensión del archivo, por ejemplo, de "php" a "pHP" WordPress SP Project and Document Manager plugin version 4.21 suffers from a remote shell upload vulnerability. • http://packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.html http://packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.html https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-178: Improper Handling of Case Sensitivity •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2014-9178 – SP Project & Document Manager < 2.4.4 - Multiple SQL Injection
https://notcve.org/view.php?id=CVE-2014-9178
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function. Múltiples vulnerabilidades de inyección SQL en classes/ajax.php en el plugin Smarty Pants Plugins SP Project & Document Manager (sp-client-document-manager) 2.4.1 y anteriores para WordPress permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del (1) parámetro vendor_email[] en la función email_vendor o del parámetro id en la función (2) download_project, (3) download_archive, o (4) remove_cat. • https://www.exploit-db.com/exploits/35313 http://packetstormsecurity.com/files/129212/WordPress-SP-Client-Document-Manager-2.4.1-SQL-Injection.html http://www.exploit-db.com/exploits/35313 http://www.itas.vn/news/itas-team-phat-hien-nhieu-lo-hong-sql-injection-trong-sp-client-document-manager-plugin-67.html http://www.securityfocus.com/archive/1/534041/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/98897 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •