CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload

Date: 2025-08-01 | Affected software: WordPress Fancy Product Designer | PoC: public

Vulnerability description

WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.

PoC code [public]

id: CVE-2021-24370

info:
  name: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
  author: pikpikcu
  severity: critical
  description: |
    WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.
  impact: |
    Attackers can upload malicious files and execute arbitrary code on the target system.
  remediation: |
    Update WordPress Fancy Product Designer plugin to version 4.6.9 or later to fix the vulnerability.
  reference:
    - https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
    - https://wpscan.com/vulnerability/82c52461-1fdc-41e4-9f51-f9dd84962b38
    - https://seclists.org/fulldisclosure/2020/Nov/30
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24370
    - https://www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fancy-product-designer-plugin/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24370
    cwe-id: CWE-434
    epss-score: 0.8345
    epss-percentile: 0.99236
    cpe: cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: radykal
    product: fancy_product_designer
    framework: wordpress
    google-query: inurl:"/wp-content/plugins/fancy-product-designer"
  tags: cve2021,cve,wordpress,wp,seclists,wpscan,rce,wp-plugin,fancyproduct,radykal

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"error":"You need to define a directory'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100942b83358f899de554b43d553d1d896b8533c3559139c674b7f1eed0bac46a4e02207cecb810e7c693cea796db9c6a745dad03089488eb235e4b177e8cfe65f53023:922c64590222798bb761d5b6d8e72950
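The template above only flags a host when all three matchers hit (`matchers-condition: and`): the JSON error prefix in the body, `text/html` in the response headers, and HTTP status 200. As an added example (not part of the original page or of the nuclei-templates project), the following Python evaluator reproduces that matcher logic against constructed sample responses, so a defender triaging scanner output can see exactly which condition a given response fails. The sample bodies and headers are constructed for illustration; the response text is only assumed to start with the prefix the template matches on.

```python
from dataclasses import dataclass

# The three matchers from the nuclei template, expressed as plain dicts.
TEMPLATE_MATCHERS = [
    {"type": "word", "part": "body",
     "words": ['{"error":"You need to define a directory']},
    {"type": "word", "part": "header", "words": ["text/html"]},
    {"type": "status", "status": [200]},
]


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed, not captured)."""
    status: int
    headers: dict
    body: str


def header_blob(headers: dict) -> str:
    """Flatten headers the way a raw header block would look for a 'header' part match."""
    return "\n".join(f"{k}: {v}" for k, v in headers.items())


def matcher_hits(matcher: dict, resp: Response) -> bool:
    """Evaluate one matcher. Word matchers use nuclei's default 'or' across words."""
    if matcher["type"] == "status":
        return resp.status in matcher["status"]
    if matcher["type"] == "word":
        haystack = resp.body if matcher["part"] == "body" else header_blob(resp.headers)
        return any(word in haystack for word in matcher["words"])
    raise ValueError(f"unsupported matcher type: {matcher['type']}")


def evaluate(resp: Response, matchers=TEMPLATE_MATCHERS) -> list:
    """Return the per-matcher verdicts in template order."""
    return [matcher_hits(m, resp) for m in matchers]


def is_flagged(resp: Response, matchers=TEMPLATE_MATCHERS, condition: str = "and") -> bool:
    """Combine verdicts as matchers-condition does ('and' is what this template uses)."""
    verdicts = evaluate(resp, matchers)
    return all(verdicts) if condition == "and" else any(verdicts)


# Constructed sample responses (assumptions, not real captures).
# 1) The handler is present and answers with the error prefix the template looks for.
EXPOSED_HANDLER = Response(
    200, {"Content-Type": "text/html; charset=UTF-8"},
    '{"error":"You need to define a directory"}',
)
# 2) The plugin was removed: status and body both fail.
ABSENT_HANDLER = Response(404, {"Content-Type": "text/html"}, "Not Found")
# 3) Same error text but served as application/json: the header matcher fails,
#    so under 'and' the host is NOT flagged even though body and status match.
JSON_VARIANT = Response(
    200, {"Content-Type": "application/json"},
    '{"error":"You need to define a directory"}',
)

if __name__ == "__main__":
    for label, resp in [("exposed", EXPOSED_HANDLER), ("absent", ABSENT_HANDLER),
                        ("json", JSON_VARIANT)]:
        print(label, evaluate(resp), "flagged" if is_flagged(resp) else "not flagged")
```

The third sample is the one worth keeping in mind when reading scanner results: because the template requires `text/html` in the headers, a response that carries the same error body under a different content type will not trigger it, so absence of a finding is not proof that the handler is gone; confirm the installed plugin version directly.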