Local File Inclusion Affecting pimcore/pimcore package, versions <6.8.8


Severity: high

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

Exploit Maturity: Mature
EPSS: 0.07% (34th percentile)

  • Snyk ID: SNYK-PHP-PIMCOREPIMCORE-1070132
  • published: 18 Feb 2021
  • disclosed: 18 Feb 2021
  • credit: Daniele Scanu

Introduced: 18 Feb 2021

CVE-2021-23340
CWE-23
First added by Snyk

How to fix?

Upgrade pimcore/pimcore to version 6.8.8 or higher.

Overview

pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce).

Affected versions of this package are vulnerable to Local File Inclusion. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request to the following endpoint: /admin/reports/custom-report/download-csv?exportFile=[filename]. Since the exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.

PoC

* Log in to Pimcore
* Send a GET request to the endpoint: /admin/reports/custom-report/download-csv?exportFile=../../../../../../../../../../../../../../../etc/passwd to retrieve the passwd file of the Linux system. (Include the X-pimcore-csrf-token header in the request.)
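One way to review web server access logs for requests that abused the exportFile parameter described above. This is an added example, not code from Snyk or Pimcore; it assumes combined-format access logs, Pimcore served from the web root, and that legitimate exportFile values are bare file names. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/admin/reports/custom-report/download-csv"  # path from the advisory
# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so encoded separators become visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(name):
    """Assumption: a legitimate export file is a bare name (no separators, no '..')."""
    name = fully_decode(name).replace("\\", "/")
    return "/" in name or ".." in name or "\x00" in name

def find_suspicious(lines):
    """Return (client, timestamp, status, decoded exportFile) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != ENDPOINT:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("exportFile", []):
            if is_traversal(raw):
                hits.append((client, ts, int(status), fully_decode(raw)))
    return hits

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [18/Feb/2021:10:00:01 +0000] "GET /admin/reports/custom-report/download-csv?exportFile=report-export.csv HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/Feb/2021:10:02:13 +0000] "GET /admin/reports/custom-report/download-csv?exportFile=../../../../etc/passwd HTTP/1.1" 200 1830',
    '203.0.113.9 - - [18/Feb/2021:10:02:20 +0000] "GET /admin/reports/custom-report/download-csv?exportFile=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '198.51.100.7 - - [18/Feb/2021:10:03:00 +0000] "GET /admin/login HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE):
        print(hit)
```

A flagged request with a 200 status on a version below 6.8.8 is worth treating as a possible file disclosure and checking against the authenticated session that made it.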

CVSS Scores

version 3.1