CVE-2023-47636

Description

### Impact Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)" ### Patches Apply patch https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87.patch ### Workarounds Update to version 1.2.1 or apply [patches](https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87.patch) manually ### References https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/

How to fix CVE-2023-47636

To remediate CVE-2023-47636, upgrade the affected package to a fixed version below.

• —upgrade to 1.2.1 or later

Is CVE-2023-47636 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.2.1

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-47636
• PATCHgithub.com/pimcore/admin-ui-classic-bundle
• WEBgithub.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87
• WEBgithub.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf