XSS in PHP cURL extension affecting multiple applications
CVE-2021-30134

6.1MEDIUM

Key Information:

Vendor: PHP Curl Class Project
Status: PHP Curl Class
Vendor: CVE Published:; 26 December 2022

What is CVE-2021-30134?

The php-mod/curl version prior to 2.3.2 is vulnerable to Cross-Site Scripting (XSS) attacks. Specifically, the vulnerability arises from improper handling of the 'post_file_path_upload.php' key parameter and the POST data submitted to 'post_multidimensional.php'. This security flaw could allow attackers to inject malicious scripts, resulting in unauthorized actions on behalf of the users and potential access to sensitive information.

References

https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-...

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 26, 2022
Vulnerability Reserved
Apr 5, 2021

PHP Curl Class Project

What is CVE-2021-30134?

References

EPSS Score

CVSS V3.1

Timeline