CVE-2021-24347

HIGH NUCLEI

SP Project & Document Manager <4.22 - Path Traversal


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-24347. PoCs published by Ron Jost, including Metasploit module exploits/multi/http/wp_plugin_sp_project_document_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in the WordPress plugin SP Project & Document < 4.22. It bypasses security checks by using uppercase letters in the file extension (e.g., `.pHP`) and uploads a malicious PHP payload, which is then triggered to execute arbitrary code.

Description

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. However, it was discovered that PHP files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
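
The case-sensitivity flaw described above, as an added PHP example that is not the plugin's code: the function names, extension lists and sample filenames are constructed for illustration. It contrasts a byte-exact denylist check with a check that normalises case and requires an allowlisted extension.

```php
<?php
// Constructed illustration of CWE-178 (improper handling of case sensitivity).
// This is NOT the plugin's source; all names and lists below are hypothetical.

// Hypothetical denylist of server-executable extensions.
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar'];

// Hypothetical allowlist for a document manager.
const ALLOWED_EXTENSIONS = ['pdf', 'docx', 'xlsx', 'png', 'jpg', 'txt'];

// Flawed pattern: the extension is compared byte for byte,
// so "pHP" does not match the denylist entry "php".
function is_blocked_case_sensitive(string $filename): bool
{
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    return in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Corrected pattern: lower-case the extension first, then accept the file
// only if the extension is on the allowlist (everything else is rejected).
function is_allowed_upload(string $filename): bool
{
    $ext = strtolower(pathinfo(basename($filename), PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, ALLOWED_EXTENSIONS, true);
}

// Constructed sample filenames covering the case variants.
$samples = ['report.pdf', 'notes.PDF', 'shell.php', 'shell.pHP', 'noext'];

foreach ($samples as $name) {
    printf(
        "%-12s flawed_check_blocks=%-5s fixed_check_allows=%s\n",
        $name,
        var_export(is_blocked_case_sensitive($name), true),
        var_export(is_allowed_upload($name), true)
    );
}
```

For `shell.pHP` the flawed check reports that the file is not blocked, while the fixed check refuses it; `notes.PDF` shows that case normalisation also keeps legitimate mixed-case uploads working.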

Exploits (1)

metasploit · WORKING POC · EXCELLENT
by Ron Jost · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Plugin SP Project & Document < 4.22
Auth required
Prerequisites: Valid WordPress admin credentials · SP Project & Document plugin version < 4.22 installed
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
HIGH · VERIFIED · by theamanrawat

Scores

CVSS v3 8.8
EPSS 0.5034
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-178
Status published
Products (1)
smartypantsplugins/sp_project_\&_document_manager < 4.22
Published Jun 14, 2021
Tracked Since Feb 18, 2026