logo

Database

Insecure file upload In wpanel/wpanel4-cms

Description

Unrestricted Upload of File with Dangerous Type in WPanel 4 Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2021-342572. NVD-2021-342573. OSV-2021-342574. GCVE-2021-34257

References

1. https://github.com/Sentinal920/WPanel4-Authenticated-RCE2. https://latestpcsolution.wordpress.com/2021/06/05/wpanel4-cms-authenticated-rce

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.