Main Vulnerability Database Exploits ID:8335 - Exploit for Arbitrary file upload in Modern Events Calendar Lite - CVE-2021-24145

ID:8335 - Exploit for Arbitrary file upload in Modern Events Calendar Lite - CVE-2021-24145

Published: September 3, 2022

Vulnerability identifier: #VU66954

Vulnerability risk: Low

CVE-ID: CVE-2021-24145

CWE-ID: CWE-434

Exploitation vector: Remote access

Vulnerable software:
Modern Events Calendar Lite

Link to public exploit:

https://www.exploit-db.com/exploits/50082/

Vulnerability description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of content-type when processing files uploads. A remote website administrator can upload an arbitrary PHP file by setting its content-type to "text/csv" and execute it on the server.

Remediation

Install update from vendor's website.

ID:8335 - Exploit for Arbitrary file upload in Modern Events Calendar Lite - CVE-2021-24145

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human