CVE-2021-25082
Popup Builder < 4.0.7 - LFI to RCE
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR
El plugin Popup Builder de WordPress versiones anteriores a 4.0.7, no comprueba ni sanea el parámetro sgpb_type antes de usarlo en una sentencia require, lo que conlleva un problema de inclusión de archivos locales. Además, dado que el comienzo de la cadena puede ser controlado, el problema puede conllevar a una vulnerabilidad RCE por medio de wrappers como PHAR
*Credits:
JrXnm
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-14 CVE Reserved
- 2022-01-24 CVE Published
- 2023-09-14 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://plugins.trac.wordpress.org/changeset/2659117 | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sygnoos Search vendor "Sygnoos" | Popup Builder Search vendor "Sygnoos" for product "Popup Builder" | < 4.0.7 Search vendor "Sygnoos" for product "Popup Builder" and version " < 4.0.7" | wordpress |
Affected
| ||||||