CVE-2021-43836

Published: Dec 15, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language.

Affected (4)

Products: Sulu: Sulu

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sulu Sulu	Before 1.6.44
Sulu Sulu	From 2.0.0 to 2.2.18
Sulu Sulu	From 2.3.0 to 2.3.8
Sulu Sulu	Version 2.4.0 rc1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh

Source: security-advisories@github.com

Third Party Advisory

https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.