SB2019091501 - Multiple vulnerabilities in Pimcore



SB2019091501 - Multiple vulnerabilities in Pimcore

Published: September 15, 2019

Security Bulletin ID SB2019091501
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Input validation error (CVE-ID: CVE-2019-16318)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of long files names. A remote authenticated attacker can supply a .php file with name that contains 256 characters, bypass the implemented security mechanisms that was supposed to change the uploaded file extension into .php.txt file, and execute arbitrary PHP code on the system.


2) Path traversal (CVE-ID: CVE-2019-16317)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the file names. A remote authenticated attacker can create a specially crafted .phar file and execute arbitrary code on the system via a phar:// URL in a filename parameter that contains directory traversal characters 


Remediation

Install update from vendor's website.