SB2021121549 - Multiple vulnerabilities in Sulu

Published: December 15, 2021 Updated: May 12, 2026

Security Bulletin ID: SB2021121549
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Incorrect User Management (CVE-ID: CVE-2021-43835)

The vulnerability allows a remote user to escalate privileges.

The vulnerability exists due to incorrect user management in the ProfileController putAction in the Sulu Admin panel when handling API requests. A remote user can modify their profile permissions to escalate privileges.

Only users who already have access to the admin UI are affected.
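The defensive pattern the first issue calls for is to treat a self-service profile update as a strictly allowlisted write, so that privileged keys sent in the request body are discarded instead of persisted. The following PHP snippet is an added illustration and is not Sulu's own code; the field names, the class and the log message are assumptions made for the example.

```php
<?php
// Added illustration (not Sulu's code): a self-profile update that allowlists
// the fields a user may change about themselves. Keys such as "roles" or
// "permissions" in the PUT body are dropped, never merged into the profile.
// Field names are assumptions for this example.

declare(strict_types=1);

final class ProfileUpdate
{
    /** Fields a user is allowed to change on their own account (assumed names). */
    private const SELF_EDITABLE = ['firstName', 'lastName', 'email', 'locale'];

    /** Fields that must only change via an admin-only user-management path. */
    private const PRIVILEGED = ['roles', 'permissions', 'userRoles', 'enabled'];

    /**
     * @param array<string,mixed> $current the stored profile
     * @param array<string,mixed> $body    decoded JSON from the PUT request
     * @return array{profile: array<string,mixed>, rejected: string[]}
     */
    public static function apply(array $current, array $body): array
    {
        $rejected = [];
        foreach (array_keys($body) as $key) {
            if (!in_array($key, self::SELF_EDITABLE, true)) {
                $rejected[] = $key; // covers every privileged key: never copied
            }
        }
        // Only allowlisted keys survive; everything else in $current is untouched.
        $allowed = array_intersect_key($body, array_flip(self::SELF_EDITABLE));

        return ['profile' => array_merge($current, $allowed), 'rejected' => $rejected];
    }

    /** True when the body tried to touch a privileged field; worth an audit-log entry. */
    public static function touchesPrivileged(array $body): bool
    {
        return array_intersect(array_keys($body), self::PRIVILEGED) !== [];
    }
}

// Constructed sample data for the demonstration.
$stored = ['firstName' => 'Ada', 'email' => 'ada@example.test', 'roles' => ['ROLE_USER']];
$body   = ['firstName' => 'Ada L.', 'roles' => ['ROLE_ADMIN']];

$result = ProfileUpdate::apply($stored, $body);
if (ProfileUpdate::touchesPrivileged($body)) {
    error_log('profile update tried to change privileged fields: ' . implode(',', $result['rejected']));
}
```

The audit-log branch is the detection hook: a self-profile request carrying role or permission keys is a signal worth alerting on, independent of whether the write was blocked.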


2) PHP file inclusion (CVE-ID: CVE-2021-43836)

The vulnerability allows a remote user to read arbitrary local files and execute arbitrary code.

The vulnerability exists due to improper control of file inclusion in the Sulu admin panel when processing crafted backend input. A remote user can trigger a PHP file include to read arbitrary local files and execute arbitrary code.

In a default configuration, the issue can lead to remote code execution.


Remediation

Install the update from the vendor's website.