Q: Is it fixed officially? (Patch/Mitigation)

✅ **Fix**: Upgrade **SP Project & Document Manager** to **version 4.22 or later**. 🔄 **Patch**: Official vendor update resolves the input validation flaw.

Q: What if no patch? (Workaround)

🚧 **No Patch?**: Disable file upload feature. 🛑 **Block**: Use WAF to block uploads of `php`, `pHP`, `PHP`, etc. 🧹 **Audit**: Remove the plugin if not needed.

Q: Is it urgent? (Priority Suggestion)

🔴 **Priority**: **HIGH**. RCE risk is critical. Even with auth requirement, the bypass is trivial. Patch immediately to prevent server takeover.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: A code injection flaw in the **SP Project & Document Manager** plugin. 📉 **Consequences**: Attackers can upload malicious PHP files, leading to **Remote Code Execution (RCE)** and full server compromise.

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **Root Cause**: **CWE-178** (Improper Output Neutralization for Logs/Code). The plugin fails to validate file extensions strictly, allowing bypass via **case manipulation** (e.g., `pHP` instead of `php`).

Question 3

Who is affected? (Versions/Components)

Accepted Answer

🎯 **Affected**: WordPress sites using **SP Project & Document Manager** plugin **before version 4.22**. 🌐 **Platform**: PHP/MySQL based WordPress blogs.

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

💀 **Attacker Actions**: Upload shell scripts. 🗝️ **Privileges**: Gain **authenticated shell access**. 📂 **Data**: Full control over server files and database.

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

⚠️ **Threshold**: **Medium**. Requires **Authentication** (valid user account). Not fully remote unauthenticated, but easy to exploit if credentials are obtained.

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

🔥 **Exploits**: **Yes**. Public PoCs available on GitHub and PacketStorm. 📜 **Nuclei Templates** exist for automated scanning.

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔍 **Check**: Scan for plugin version < 4.22. 🧪 **Test**: Try uploading a file with extension `pHP` or `PHT`. If accepted, you are vulnerable.

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

✅ **Fix**: Upgrade **SP Project & Document Manager** to **version 4.22 or later**. 🔄 **Patch**: Official vendor update resolves the input validation flaw.

Question 9

What if no patch? (Workaround)

Accepted Answer

🚧 **No Patch?**: Disable file upload feature. 🛑 **Block**: Use WAF to block uploads of `php`, `pHP`, `PHP`, etc. 🧹 **Audit**: Remove the plugin if not needed.

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

🔴 **Priority**: **HIGH**. RCE risk is critical. Even with auth requirement, the bypass is trivial. Patch immediately to prevent server takeover.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-24347 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring