CVE-2024-23646 - OpenCVE

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Pimcore	Admin Classic Bundle

Configuration 1 [-]

cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*

References

Link	Resource
https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006	Issue Tracking
https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087	Issue Tracking
https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8	Patch
https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2	Release Notes
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-24T19:41:49.578Z

Updated: 2024-01-24T19:41:49.578Z

Reserved: 2024-01-19T00:18:53.234Z

Link: CVE-2024-23646

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-24T20:15:53.877

Modified: 2024-01-31T21:10:54.027

Link: CVE-2024-23646

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-23646", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-19T00:18:53.234Z", "datePublished": "2024-01-24T19:41:49.578Z", "dateUpdated": "2024-01-24T19:41:49.578Z"}, "containers": {"cna": {"title": "Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"}, {"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8", "tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"}, {"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006", "tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"}, {"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087", "tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"}, {"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"}], "affected": [{"vendor": "pimcore", "product": "admin-ui-classic-bundle", "versions": [{"version": ">= 1.0.0, < 1.3.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-24T19:41:49.578Z"}, "descriptions": [{"lang": "en", "value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.\n"}], "source": {"advisory": "GHSA-cwx6-4wmf-c6xv", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*", "matchCriteriaId": "24A89A76-A47D-4D85-8E64-01F3B4EE170E", "versionEndExcluding": "1.3.2", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.\n"}, {"lang": "es", "value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. La aplicaci\u00f3n permite a los usuarios crear archivos zip a partir de archivos disponibles en el sitio. En la rama 1.x anterior a la versi\u00f3n 1.3.2, el par\u00e1metro `selectedIds` es susceptible a la inyecci\u00f3n SQL. Cualquier usuario de backend con permisos muy b\u00e1sicos puede ejecutar declaraciones SQL arbitrarias y as\u00ed alterar cualquier dato o escalar sus privilegios al menos al nivel de administrador. La versi\u00f3n 1.3.2 contiene una soluci\u00f3n para este problema."}], "id": "CVE-2024-23646", "lastModified": "2024-01-31T21:10:54.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-24T20:15:53.877", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}