Arbitrary File Upload Vulnerability in JPress by JPress Projects
CVE-2021-45808

8.8HIGH

Key Information:

Vendor
Jpress
Status
Jpress
Vendor
CVE Published:
19 January 2022

Summary

The arbitrary file upload vulnerability in JPress v4.2.0 allows unauthorized users to register accounts by default. Once registered, users gain the ability to upload arbitrary files to the server, potentially leading to further exploitation. This flaw emphasizes the need for stringent access controls and validation measures to prevent unauthorized file uploads and to safeguard server integrity.

References

http://jpress.com
x_refsource_MISC
https://github.com/JPressProjects/jpress
x_refsource_MISC
https://github.com/JPressProjects/jpress/issues/173
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.