Path traversal in Pimcore

#VU75576 Path traversal in Pimcore

Published: 2023-04-28

Vulnerability identifier: #VU75576

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30852

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Pimcore
Web applications / CMS

Vendor: Pimcore

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Admin JS CSS files within the "scriptPath" parameter. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Pimcore: 10.5.0 - 10.5.20

External links
http://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch
http://github.com/pimcore/pimcore/pull/14959
http://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Pimcore