ExpressionEngine 6.0.0/6.0.1/6.0.2 path traversal

Summaryinfo

A vulnerability was found in ExpressionEngine 6.0.0/6.0.1/6.0.2 and classified as critical. Impacted is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2021-44534. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic was found in ExpressionEngine 6.0.0/6.0.1/6.0.2. This vulnerability affects an unknown code. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality. CVE summarizes:

Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.

The advisory is shared for download at hackerone.com. This vulnerability was named CVE-2021-44534 since 12/02/2021. The exploitation appears to be easy. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1006.

Upgrading to version 6.0.3 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• ExpressionEngine

Version

• 6.0.0
• 6.0.1
• 6.0.2

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion