CVE Vulnerability

CVE-2021-23340

This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.

5.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132 Exploit Patch
https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442 Patch Third Party Advisory
https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454 Broken Link Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*
Information

Published : 2021-02-18 03:15

Updated : 2021-02-25 05:21

NVD link : CVE-2021-23340

Mitre link : CVE-2021-23340

Products Affected
No products.
CWE
CWE-22