CVE-2021-4436

3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.

El complemento 3DPrint Lite de WordPress anterior a 1.9.1.5 no tiene ninguna autorización y no verifica el archivo cargado en su acción p3dlite_handle_upload AJAX, lo que permite a usuarios no autenticados cargar archivos arbitrarios al servidor web. Sin embargo, existe un .htaccess que impide acceder al archivo en servidores web como Apache.

The 3DPrint Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the p3dlite_handle_upload function in versions before 1.9.1.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

*Credits: Spacehen, WPScan

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2021-09-23 CVE Published
2024-02-05 CVE Reserved
2024-08-03 CVE Updated
2024-08-03 First Exploit
2025-01-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-434: Unrestricted Upload of File with Dangerous Type

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wp3dprinting Search vendor "Wp3dprinting"		3dprint Lite Search vendor "Wp3dprinting" for product "3dprint Lite"				< 1.9.1.5 Search vendor "Wp3dprinting" for product "3dprint Lite" and version " < 1.9.1.5"		wordpress		Affected