Pimcore
CVE-2019-16317
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.
AnalysisAI
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
Technical ContextAI
This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. Affected products include: Pimcore. Version information: before 5.7.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.
An issue was discovered in Pimcore before 5.7.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated cri
Blind SQL injection in Pimcore's Admin Search Find API allows authenticated attackers to extract database information th
Pimcore is an Open Source Data & Experience Management Platform. Rated high severity (CVSS 8.8), this vulnerability is r
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. Rated high severity (CVSS 8.8), th
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. Rated high severity (CVSS 8
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. Rated high severity (CVSS 8.8), this vulnerability
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. Rated high severity (CVSS 8.8), this vulnerability
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. Rated high
This affects the package pimcore/pimcore before 10.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely e
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validati
Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.7), this vulnerability is
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today