Moderate severityNVD Advisory· Published Dec 26, 2022· Updated Apr 14, 2025

CVE-2021-30134

Description

php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
php-mod/curlPackagist	< 2.3.2	2.3.2

Affected products

php-mod/curldescription
ghsa-coords
pkg:composer/php-mod/curl
Range: < 2.3.2

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-f8p3-q834-q9cjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-30134ghsaADVISORY
github.com/php-mod/curl/commit/0bddefe8bbd292065f23dd6e24d2c745c4865cf7ghsaWEB
wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000