CVE-2021-23340 — Path traversal in pimcore/pimcore

Description

This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.

How to fix CVE-2021-23340

To remediate CVE-2021-23340, upgrade the affected package to a fixed version below.

—upgrade to 6.8.8 or later

Is CVE-2021-23340 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 6.8.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-23340
WEBgithub.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454
WEBgithub.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442
WEBsnyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132