CVELIST:CVE-2021-43836
History: Dec 15, 2021 - 8:10 p.m.

CVE-2021-43836 PHP file inclusion in the Sulu admin panel

Published: 2021-12-15 20:10:10
CWE-22
GitHub_M
www.cve.org
Tags: sulu cms, php, file inclusion, cve-2021-43836, symfony, remote code execution, patch, version 1.6.44, version 2.2.18, version 2.3.8, version 2.4.0, service overwrite, translator, expression language

CVSS3: 8.5
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score: 9.1
Confidence: High
EPSS: 0.003
Percentile: 69.4%

Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched in versions 1.6.44, 2.2.18, 2.3.8 and 2.4.0. Users unable to upgrade should overwrite the service sulu_route.generator.expression_token_provider and wrap the translator before passing it to the expression language.

CNA Affected

[
  {
    "product": "sulu",
    "vendor": "sulu",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.6.44"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.2.18"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.8"
      }
    ]
  }
]
