MidnightBSD

Advisories for simple_schools_staff_directory_project

CVE-2021-24663 MEDIUM

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
simple_schools_staff_directory_project simple_schools_staff_directory *