CVE-2023-2984
Published: 2023-05-30
CVE-2023-2984: Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
Priority: P346 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.85% (53.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pimcore | pimcore | < 10.5.22 | 10.5.22 |
| pimcore | pimcore | >= 0 < 10.5.22 | 10.5.22 |
| pimcore | pimcore_pimcore | >= unspecified < 10.5.22 | 10.5.22 |
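CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |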
OSV
Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
osv·2023-06-06
CVE-2023-2984 [MEDIUM] Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
### Impact
A path traversal vulnerability exists in the CMS, which allows an attacker to overwrite or modify sensitive files by manipulating the `pimcore_log` parameter. This can lead to a potential denial of service through the overwriting of key files.
The impact of this vulnerability allows attackers to:
- Overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information.
- Tamper with system settings by modifying key files, such as the hosts file in Windows or configuration files for other services.
- Cause a denial of service (DoS) if critical system files are overwritten or deleted.
The consequences of exploiting this vulnerability can be detriment
GHSA
Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
ghsa·2023-06-06
CVE-2023-2984 [MEDIUM] CWE-29 Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
### Impact
A path traversal vulnerability exists in the CMS, which allows an attacker to overwrite or modify sensitive files by manipulating the `pimcore_log` parameter. This can lead to a potential denial of service through the overwriting of key files.
The impact of this vulnerability allows attackers to:
- Overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information.
- Tamper with system settings by modifying key files, such as the hosts file in Windows or configuration files for other services.
- Cause a denial of service (DoS) if critical system files are overwritten or deleted.
The consequences of exploiting this vulnerability can be detriment
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-30