CVE-2024-45290Absolute Path Traversal in Phpspreadsheet

CWE-36Absolute Path TraversalCWE-918Server-Side Request Forgery5 documents5 sources
Severity
7.5HIGHNVD
CNA7.7
EPSS
0.3%
top 46.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Phpoffice PhpspreadsheetPhpoffice Phpexcel
Timeline
PublishedOct 7
Latest updateOct 23

Description

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a di

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5phpoffice/phpspreadsheet< 1.29.2+2
NVDphpoffice/phpspreadsheet2.0.02.1.1+2
Packagistphpoffice/phpspreadsheet2.2.02.3.0+2
Packagistphpoffice/phpexcel1.8.2

Patches

Patch: github.com

🔴Vulnerability Details

3
CVEList
Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet2024-10-07
OSV
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file2024-10-07
GHSA
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file2024-10-07

📋Vendor Advisories

1
Drupal
Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-0542024-10-23
CVE-2024-45290 — Absolute Path Traversal | cvebase