Pimcore up to <=11.5.3 add-asset-compatibility dir path traversal

Summaryinfo

A vulnerability categorized as critical has been discovered in Pimcore. Affected is an unknown function of the file admin/asset/add-asset-compatibility. The manipulation of the argument dir results in path traversal. This vulnerability is cataloged as CVE-2015-4425. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical has been found in Pimcore. Affected is an unknown functionality of the file admin/asset/add-asset-compatibility. The manipulation of the argument dir with an unknown input leads to a path traversal vulnerability. CWE is classifying the issue as CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.

The weakness was shared 08/18/2015 (Website). The advisory is available at portcullis-security.com. This vulnerability is traded as CVE-2015-4425 since 06/08/2015. It is possible to launch the attack remotely. The successful exploitation needs a authentication. Technical details and a public exploit are known. This vulnerability is assigned to T1006 by the MITRE ATT&CK project.

A public exploit has been developed by Portcullis and been published before and not just after the advisory. The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 35 days. During that time the estimated underground price was around $0-$5k.

Upgrading to version Build 3473 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Exploit-DB (37609). The entry VDB-77275 is related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Information Management Software

Name

• Pimcore

Version

• 1.4.9
• 1.5.0
• 1.5.17
• 2.1.0
• 2.2.0
• 3.1.16
• 4.1.6
• 4.1.7
• 5.3.0
• 5.7.1
• 6.2.2
• 6.2.3
• 6.3.0
• 6.8.3
• 6.8.5
• 6.8.8
• 10.0.7
• 10.1.1
• 10.1.2
• 10.1.3
• 10.2
• 10.2.7
• 10.2.9
• 10.2.10
• 10.3.1
• 10.3.2
• 10.3.3
• 10.3.5
• 10.3.6
• 10.4
• 10.4.0
• 10.4.4
• 10.5.4
• 10.5.6
• 10.5.9
• 10.5.14
• 10.5.15
• 10.5.16
• 10.5.18
• 10.5.19
• 10.5.20
• 10.5.21
• 10.5.22
• 10.5.23
• 10.5.24
• 10.6.4
• 10.6.7
• 10.6.8
• 11.0.0
• 11.1.0
• 11.1.6.1
• 11.2.1
• 11.2.2
• 11.2.4
• 11.4.2
• 11.5.4
• <=1.5.16
• <=3.1.15
• <=5.2
• <=5.7.0
• <=6.2
• <=6.2.1
• <=6.8.2
• <=6.8.4
• <=6.8.7
• <=9.2
• <=10
• <=10.0.6
• <=10.1
• <=10.1.0
• <=10.1.1
• <=10.1.2
• <=10.2.6
• <=10.2.8
• <=10.2.9
• <=10.3
• <=10.3.0
• <=10.3.1
• <=10.3.2
• <=10.3.4
• <=10.3.5
• <=10.4.3
• <=10.5.3
• <=10.5.5
• <=10.5.8
• <=10.5.13
• <=10.5.15
• <=10.5.17
• <=10.5.18
• <=10.5.19
• <=10.5.20
• <=10.5.21
• <=10.5.22
• <=10.5.23
• <=10.6.3
• <=10.6.7
• <=11.0
• <=11.1.6.0
• <=11.2.3
• <=11.5.3

License

• open-source

Website

• Product: https://github.com/pimcore/pimcore/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion