Arbitrary file upload in Modern Events Calendar Lite
CVE-2021-24145
The Modern Events Calendar Lite WordPress plugin, in versions before 5.16.5, did not properly check the imported file, allowing PHP files to be uploaded by an administrator by using the 'text/csv' content-type in the requ…
Vulnerability class: Unrestricted File Upload
EPSS: 0.913 (99.7th percentile)
Affected products
- Unknown Modern Events Calendar Lite — versions 5.16.5
Weakness classification (CWE)
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 (x_refsource_MISC)
- packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Sh… (x_refsource_MISC)
- packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Co… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-24145?
- CVE-2021-24145 is a vulnerability in Modern Events Calendar Lite, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-03-18.
- Is CVE-2021-24145 known to be exploited?
- 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.