CVE-2021-23340 - OpenCVE

This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pimcore	Pimcore

Configuration 1 [-]

cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454
https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442
https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2021-02-18T14:25:14.352339Z

Updated: 2024-09-17T03:43:54.860Z

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23340

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-18T15:15:14.953

Modified: 2021-02-25T17:21:09.590

Link: CVE-2021-23340

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "pimcore/pimcore", "vendor": "n/a", "versions": [{"lessThan": "6.8.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Daniele Scanu"}], "datePublic": "2021-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Local File Inclusion", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-18T14:25:14", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"}], "title": "Local File Inclusion", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-02-18T14:21:22.615516Z", "ID": "CVE-2021-23340", "STATE": "PUBLIC", "TITLE": "Local File Inclusion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pimcore/pimcore", "version": {"version_data": [{"version_affected": "<", "version_value": "6.8.8"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Daniele Scanu"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local File Inclusion"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"}, {"name": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454", "refsource": "MISC", "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"}, {"name": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442", "refsource": "MISC", "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:05:55.886Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2021-23340", "datePublished": "2021-02-18T14:25:14.352339Z", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2024-09-17T03:43:54.860Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", "matchCriteriaId": "815CB9D7-CE44-4E76-8F5E-EAAC9BC8F7F5", "versionEndExcluding": "6.8.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."}, {"lang": "es", "value": "Esto afecta al paquete pimcore/pimcore versiones anteriores a 6.8.8. Se presenta una vulnerabilidad de inclusi\u00f3n de archivo local en la funci\u00f3n downloadCsvAction de la clase CustomReportController (bundles/AdminBundle/Controller/Reports/CustomReportController.php). Un usuario autenticado puede acceder a esta funci\u00f3n con una petici\u00f3n GET en el siguiente endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Dado que la variable exportFile no est\u00e1 saneada, un atacante puede explotar una vulnerabilidad de inclusi\u00f3n de archivos locales"}], "id": "CVE-2021-23340", "lastModified": "2021-02-25T17:21:09.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2021-02-18T15:15:14.953", "references": [{"source": "report@snyk.io", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"}, {"source": "report@snyk.io", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}