CVE-2021-30134

Source
https://cve.org/CVERecord?id=CVE-2021-30134
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30134.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-30134
Aliases
Published
2022-12-26T07:15:11.310Z
Modified
2026-07-08T05:59:45.564272254Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the postfilepathupload.php key parameter and the POST data to postmultidimensional.php.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates:*:*:*:*:*:wordpress:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "1.1.6"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates"
        },
        {
            "cpes": [
                "cpe:2.3:a:ptwooplugins:invoicing_with_invoicexpress_for_woocommerce:*:*:*:*:*:wordpress:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "3.0.3"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "ptwooplugins:invoicing_with_invoicexpress_for_woocommerce"
        },
        {
            "cpes": [
                "cpe:2.3:a:qiwi:woo-qiwi-payment-gateway:*:*:*:*:*:wordpress:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "0.0.9"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "qiwi:woo-qiwi-payment-gateway"
        },
        {
            "cpes": [
                "cpe:2.3:a:shopello_api_project:shopello_api:*:*:*:*:*:wordpress:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "2.9.0"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "shopello_api_project:shopello_api"
        },
        {
            "cpes": [
                "cpe:2.3:a:teamleade:teamleader_crm_forms:*:*:*:*:*:wordpress:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "2.1.0"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "teamleade:teamleader_crm_forms"
        }
    ]
}
References

Affected packages

Git / github.com/php-mod/curl

Affected ranges

Type
GIT
Repo
https://github.com/php-mod/curl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.2"
        }
    ],
    "cpe": "cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
1.2.1
1.3.0
1.4.0
1.5.0
1.6.0
1.6.1
1.7.0
1.7.1
1.8.0
1.9.0
1.9.1
1.9.2
1.9.3
2.*
2.0.0
2.1.0
2.2.0
2.3.0
2.3.1
v1.*
v1.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30134.json"