Lucene search
GoogleOSV:GHSA-352X-HC2F-FWFFHistoryMay 24, 2022 - 4:56 p.m.
Pimcore RCE via PHAR upload
2022-05-2416:56:12
Google
osv.dev
7
pimcore
remote code execution
phar upload
vulnerability
EPSS
0.86
Percentile
98.6%
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.
Related
prion
prion
Design/Logic Flaw
2019-09-14 18:15:00
Directory traversal
2019-09-14 18:15:00
Design/Logic Flaw
2019-04-04 18:29:00
github
github
Pimcore Unrestricted Upload of File with Dangerous Type
2022-05-24 16:56:12
Pimcore RCE via PHAR upload
2022-05-24 16:56:12
Pimcore Unserialize Remote Code Execution
2022-05-13 01:27:53
osv
osv
Pimcore Unrestricted Upload of File with Dangerous Type
2022-05-24 16:56:12
CVE-2019-16317
2019-09-14 18:15:11
CVE-2019-16318
2019-09-14 18:15:11
nvd
nvd
cve
cve
cvelist
cvelist
veracode
veracode
File-Upload Restrictions Bypass
2019-09-16 01:48:17
Arbitrary Code Execution
2019-09-16 01:53:14
Remote Code Execution (RCE)
2019-04-05 04:42:44
exploitdb
exploitdb
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)
2019-04-30 00:00:00
packetstorm
packetstorm
Pimcore Unserialize Remote Code Execution
2019-04-29 00:00:00
attackerkb
attackerkb
Pimcore Deserialization Vulnerability
2019-04-04 00:00:00
metasploit
metasploit
Pimcore Unserialize RCE
2019-04-07 20:44:02
zdt
zdt
Pimcore < 5.71 Unserialize Remote Code Execution Exploit
2019-04-30 00:00:00