SB2019091501 - Multiple vulnerabilities in Pimcore
Published: September 15, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2019-16318)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of long files names. A remote authenticated attacker can supply a .php file with name that contains 256 characters, bypass the implemented security mechanisms that was supposed to change the uploaded file extension into .php.txt file, and execute arbitrary PHP code on the system.
2) Path traversal (CVE-ID: CVE-2019-16317)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the file names. A remote authenticated attacker can create a specially crafted .phar file and execute arbitrary code on the system via a phar:// URL in a filename parameter that contains directory traversal characters
Remediation
Install update from vendor's website.