Multiple vulnerabilities in Pimcore



Published: 2019-09-15
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2019-16318, CVE-2019-16317
CWE-ID: CWE-20, CWE-22
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Pimcore
Web applications / CMS

Vendor: Pimcore

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU21108

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16318

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of long file names. A remote authenticated attacker can supply a .php file with a name that contains 256 characters, bypass the security mechanism that was supposed to change the uploaded file's extension to .php.txt, and execute arbitrary PHP code on the system.
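The advisory does not say why the rename to .php.txt failed for 256-character names. The PHP function below is an added example, not Pimcore's code and not the vendor's fix: it assumes a 255-byte file-name limit and shows a rename routine that checks the length before appending the suffix and re-checks the final name. `neutraliseUploadName`, the extension list and the limit are hypothetical.

```php
<?php
// Added illustration, not Pimcore code. All names and limits are assumptions.
const MAX_NAME_BYTES = 255;   // assumed per-component file-name limit
const EXECUTABLE_EXT = ['php', 'phtml', 'phar', 'pht', 'php5', 'php7'];
const SAFE_SUFFIX    = '.txt';

function neutraliseUploadName(string $clientName): string
{
    // Keep only the last path component, drop control bytes and the
    // trailing dots/spaces that some file systems strip silently.
    $name = basename(str_replace('\\', '/', $clientName));
    $name = (string) preg_replace('/[\x00-\x1f\x7f]/', '', $name);
    $name = rtrim($name, '. ');
    if ($name === '') {
        throw new InvalidArgumentException('empty or reserved file name');
    }

    // Decide on the neutralising suffix before any length handling.
    $ext    = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $suffix = in_array($ext, EXECUTABLE_EXT, true) ? SAFE_SUFFIX : '';

    // Fail closed: never truncate a name, because truncation can remove
    // the suffix that was just added (or prevent it from being added).
    if (strlen($name) + strlen($suffix) > MAX_NAME_BYTES) {
        throw new InvalidArgumentException('file name too long');
    }

    // Post-condition on the name that will actually be written to disk.
    $final    = $name . $suffix;
    $finalExt = strtolower(pathinfo($final, PATHINFO_EXTENSION));
    if (in_array($finalExt, EXECUTABLE_EXT, true)) {
        throw new RuntimeException('executable extension survived renaming');
    }
    return $final;
}

// Constructed inputs: a 256-byte name as described in the advisory,
// a short .php name, and a harmless document.
foreach ([str_repeat('a', 252) . '.php', 'upload.php', 'report.pdf'] as $n) {
    try {
        printf("%3d bytes -> ...%s\n", strlen($n), substr(neutraliseUploadName($n), -10));
    } catch (InvalidArgumentException $e) {
        printf("%3d bytes -> rejected: %s\n", strlen($n), $e->getMessage());
    }
}
```

The same post-condition check is worth logging in production: a stored upload whose final extension is executable indicates that a rename step was skipped.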

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Pimcore: 5.7.0

External links

http://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU21107

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16317

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within file names. A remote authenticated attacker can create a specially crafted .phar file and execute arbitrary code on the system via a phar:// URL in a filename parameter that contains directory traversal characters.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Pimcore: 5.7.0

External links

http://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


