CVE-2021-30134

 

  • Severity Score: 6.1 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-04-05 CVE Reserved
  • 2022-12-26 CVE Published
  • 2024-07-18 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Php Curl Class Project | Php Curl Class | < 2.3.2 | - | Affected
Ht Slider Range For Amazon Affiliates Project | Ht Slider Range For Amazon Affiliates | < 1.1.6 | wordpress | Affected
Qiwi | Woo-qiwi-payment-gateway | <= 0.0.9 | wordpress | Affected
Teamleade | Teamleader Crm Forms | < 2.1.0 | wordpress | Affected
Ptwooplugins | Invoicing With Invoicexpress For Woocommerce | < 3.0.3 | wordpress | Affected
Shopello Api Project | Shopello Api | <= 2.9.0 | wordpress | Affected