Exploit
CVE-2023-2984

Path Traversal: '\..\filename' (CWE-29)

Published: May 30, 2023 / Updated: 17mo ago

CVSS 8.8 (High) / EPSS 0.04%

Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-2984.

May 30, 2023 at 3:03 PM / cve.report

Exploits

https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191

Patches

Github Advisory

Vendor Advisory

[GHSA-46g3-f9r8-xj4v] Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
A path traversal vulnerability exists in the CMS, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service---key file overwrite. Overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information.

News

CVE-2023-2984 Exploit
CVE Id : CVE-2023-2984 Published Date: 2023-06-05T18:16:00+00:00 Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. inTheWild added a link to an exploit: https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191
Pimcore directory traversal | CVE-2023-2984
Pimcore could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the filename endpoint.
Path traversal in Pimcore CMS
NA - CVE-2023-2984 - Path Traversal: '\..\filename' in...
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
