CVE-2021-23340 - OpenCVE

This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Pimcore	Pimcore

Configuration 1 [-]

cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454	Broken Link Third Party Advisory
https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442	Patch Third Party Advisory
https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2021-02-18T00:00:00

Updated: 2021-02-18T14:25:14

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23340

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-02-18T15:15:14.953

Modified: 2021-02-25T17:21:09.590

Link: CVE-2021-23340

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "pimcore/pimcore", "vendor": "n/a", "versions": [{"lessThan": "6.8.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Daniele Scanu"}], "datePublic": "2021-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Local File Inclusion", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-18T14:25:14", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"}], "title": "Local File Inclusion", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-02-18T14:21:22.615516Z", "ID": "CVE-2021-23340", "STATE": "PUBLIC", "TITLE": "Local File Inclusion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pimcore/pimcore", "version": {"version_data": [{"version_affected": "<", "version_value": "6.8.8"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Daniele Scanu"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local File Inclusion"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"}, {"name": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454", "refsource": "MISC", "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"}, {"name": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442", "refsource": "MISC", "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2021-23340", "datePublished": "2021-02-18T00:00:00", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2021-02-18T14:25:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", "matchCriteriaId": "815CB9D7-CE44-4E76-8F5E-EAAC9BC8F7F5", "versionEndExcluding": "6.8.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."}, {"lang": "es", "value": "Esto afecta al paquete pimcore/pimcore versiones anteriores a 6.8.8. Se presenta una vulnerabilidad de inclusi\u00f3n de archivo local en la funci\u00f3n downloadCsvAction de la clase CustomReportController (bundles/AdminBundle/Controller/Reports/CustomReportController.php). Un usuario autenticado puede acceder a esta funci\u00f3n con una petici\u00f3n GET en el siguiente endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Dado que la variable exportFile no est\u00e1 saneada, un atacante puede explotar una vulnerabilidad de inclusi\u00f3n de archivos locales"}], "id": "CVE-2021-23340", "lastModified": "2021-02-25T17:21:09.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2021-02-18T15:15:14.953", "references": [{"source": "report@snyk.io", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"}, {"source": "report@snyk.io", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}