Published: 30/07/2021 Updated: 22/09/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Concrete5 up to and including 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
concretecms concrete cms

Full Disclosure mailing list archives   By Date By Thread </form>    [KIS-2021-05] Concrete5 <= 855 (Logging Settings) Phar Deserialization Vulnerability  ...

CWE-502 http://seclists.org/fulldisclosure/2021/Jul/36 http://packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html https://hackerone.com/reports/1063039 https://nvd.nist.gov http://seclists.org/fulldisclosure/2021/Jul/36

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-36766

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect