How severe is CVE-2021-24347?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-24347?

This is classified as CWE-178, which is a common weakness in software security.

CVE-2021-24347 - HIGH Severity | CVSS 8.8

Vulnerability Description

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

Related Vulnerabilities

CVE-2019-6289

HIGH

CVSS:8.8(High)

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variati...

CWE-1782019

CVE-2024-55634

HIGH

CVSS:8.1(High)

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CWE-1782024

CVE-2001-0766

CRITICAL

CVSS:9.8(Critical)

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

CWE-1782001

CVE-2002-1820

CRITICAL

CVSS:9.8(Critical)

register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account n...

CWE-1782002

CVE-2002-2119

CRITICAL

CVSS:9.8(Critical)

Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.

CWE-1782002

CVE-2004-2154

CRITICAL

CVSS:9.8(Critical)

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are ...

CWE-1782004