How severe is CVE-2021-40524?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-40524?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2021-40524

HIGH Year: 2021

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-434

View all →

Vulnerability Description

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)

CVE-2015-9338

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

CWE-4342015

CVE-2015-9339

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

CWE-4342015

CVE-2015-9340

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

CWE-4342015

CVE-2015-9341

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

CWE-4342015

CVE-2016-10958

HIGH

CVSS:7.5(High)

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

CWE-4342016

CVE-2016-7452

HIGH

CVSS:7.5(High)

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.

CWE-4342016

CVE-2021-40524

Vulnerability Description

Related Vulnerabilities

CVE-2015-9338

CVE-2015-9339

CVE-2015-9340

CVE-2015-9341

CVE-2016-10958

CVE-2016-7452