Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv3

CVE-2021-23340

Published: 18/02/2021 Updated: 25/02/2021
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

This affects the package pimcore/pimcore prior to 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pimcore pimcore

References

CWE-22https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook