CVE-2021-23835 - OpenCVE

An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flatcore	Flatcore

Configuration 1 [-]

cpe:2.3:a:flatcore:flatcore:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/160936/flatCore-CMS-XSS-File-Disclosure-SQL-Injection.html
https://github.com/flatCore/flatCore-CMS
https://sec-consult.com/vulnerability-lab/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-15T06:25:46

Updated: 2024-08-03T19:14:08.801Z

Reserved: 2021-01-11T00:00:00

Link: CVE-2021-23835

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-15T07:15:13.970

Modified: 2021-01-22T16:14:46.427

Link: CVE-2021-23835

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-15T06:25:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/flatCore/flatCore-CMS"}, {"tags": ["x_refsource_MISC"], "url": "https://sec-consult.com/vulnerability-lab/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/160936/flatCore-CMS-XSS-File-Disclosure-SQL-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/flatCore/flatCore-CMS", "refsource": "MISC", "url": "https://github.com/flatCore/flatCore-CMS"}, {"name": "https://sec-consult.com/vulnerability-lab/", "refsource": "MISC", "url": "https://sec-consult.com/vulnerability-lab/"}, {"name": "http://packetstormsecurity.com/files/160936/flatCore-CMS-XSS-File-Disclosure-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160936/flatCore-CMS-XSS-File-Disclosure-SQL-Injection.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:14:08.801Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/flatCore/flatCore-CMS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sec-consult.com/vulnerability-lab/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/160936/flatCore-CMS-XSS-File-Disclosure-SQL-Injection.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23835", "datePublished": "2021-01-15T06:25:46", "dateReserved": "2021-01-11T00:00:00", "dateUpdated": "2024-08-03T19:14:08.801Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flatcore:flatcore:*:*:*:*:*:*:*:*", "matchCriteriaId": "295D969A-0491-4679-8414-BDCCA13B7563", "versionEndIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc."}, {"lang": "es", "value": "Se detect\u00f3 un problema en flatCore versiones anteriores a 2.0.0 compilaci\u00f3n 139. Se identific\u00f3 una vulnerabilidad de divulgaci\u00f3n de archivos locales en el par\u00e1metro del cuerpo de una petici\u00f3n HTTP docs_file body para la interfaz acp. Esto puede ser explotado con derechos de acceso de administrador. Se encontr\u00f3 que el par\u00e1metro afectado (que recupera el contenido del archivo especificado) acepta la entrada de usuarios maliciosos sin un saneamiento apropiado, conllevando entonces a una recuperaci\u00f3n de archivos confidenciales del servidor del backend, por ejemplo, /etc/passwd, archivos de la base de datos SQLite, c\u00f3digo fuente PHP, etc"}], "id": "CVE-2021-23835", "lastModified": "2021-01-22T16:14:46.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-15T07:15:13.970", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160936/flatCore-CMS-XSS-File-Disclosure-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/flatCore/flatCore-CMS"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sec-consult.com/vulnerability-lab/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}