what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2021-29447

Status Candidate

Overview

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

Related Files

WordPress 5.7 Media Library XML Injection
Posted Sep 20, 2021
Authored by David Uton

WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2021-29447
SHA-256 | f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485
Download | Favorite | View
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
SHA-256 | 6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
Download | Favorite | View
Debian Security Advisory 4896-1
Posted Apr 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4896-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform XML External Entity (XXE) attacks, and access private content.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2021-29447, CVE-2021-29450
SHA-256 | e00b69e4ff46ca105c70362ee5ece24f6f93cc7b36e5b41b63549ad18bd8c25b
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close