XSS in PHP cURL extension affecting multiple applications
CVE-2021-30134

6.1MEDIUM

Key Information:

Vendor: PHP Curl Class Project
Status: PHP Curl Class
Vendor: CVE Published:; 26 December 2022

🔔 Create PHP Curl Class Project Vulnerability Alert

What is CVE-2021-30134?

The php-mod/curl version prior to 2.3.2 is vulnerable to Cross-Site Scripting (XSS) attacks. Specifically, the vulnerability arises from improper handling of the 'post_file_path_upload.php' key parameter and the POST data submitted to 'post_multidimensional.php'. This security flaw could allow attackers to inject malicious scripts, resulting in unauthorized actions on behalf of the users and potential access to sensitive information.

References

https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2022
Vulnerability Reserved
Apr 5, 2021

CVE-2021-30134 Data

JSON