Pimcore Admin Classic Bundle <1.2.1: Full Path Disclosure via fopen
CVE-2023-47636 Published on November 15, 2023

Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Github Repository NVD

Vulnerability Analysis

CVE-2023-47636 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.


Products Associated with CVE-2023-47636

Want to know whenever a new CVE is published for Pimcore Admin Classic Bundle? stack.watch will email you.

Pimcore Admin Classic Bundle
 

Affected Versions

pimcore admin-ui-classic-bundle Version < 1.2.1 is affected by CVE-2023-47636

Vulnerable Packages

The following package name and versions may be associated with CVE-2023-47636

Package Manager Vulnerable Package Versions Fixed In
composer pimcore/admin-ui-classic-bundle < 1.2.1 1.2.1

Exploit Probability

EPSS
0.01%
Percentile
0.19%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.