Vulnerability Description
This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pimcore | Pimcore | < 6.8.8 |
Related Weaknesses (CWE)
References
- https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/ReBroken LinkThird Party Advisory
- https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b42233094PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132ExploitPatchThird Party Advisory
- https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/ReBroken LinkThird Party Advisory
- https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b42233094PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132ExploitPatchThird Party Advisory
FAQ
What is CVE-2021-23340?
CVE-2021-23340 is a vulnerability with a CVSS score of 7.1 (HIGH). This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller...
How severe is CVE-2021-23340?
CVE-2021-23340 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23340?
Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Pimcore.