CVE-2015-7809:
Twig remote code execution in templates

CVSS Score (v3.1): 8.1

Basic Information

EPSS Score: 0.83029%
Published: 5/14/2022
Updated: 5/30/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: twig/twig
Ecosystem: composer
Vulnerable Versions: < 1.20.0
First Patched Version: 1.20.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from Twig_Template::displayBlock not validating that the object a block entry refers to is a Twig_Template before invoking the block method on it. The GitHub patch adds an instanceof Twig_Template type check, so a block entry that names any other object is rejected instead of having a method called on it. This matches the CVE description of _self variable abuse in sandbox mode: in Twig 1.x, _self is the current Twig_Template instance, which gives a sandboxed template a route to displayBlock. The test case added in TemplateTest.php confirms the exploit vector: it exercises displayBlock with non-Twig_Template objects in the block table.
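To make the root cause concrete, the following is an added PHP example, not Twig's own code, that models the block dispatch inside `displayBlock` in reduced form: a vulnerable version that invokes a method on whatever object the block table names, beside a patched version with the `instanceof` check the 1.20.0 fix adds. The `Template` base class, `NotATemplate`, the block table and every name other than `displayBlock` are assumptions of this example. It does not reproduce the sandbox route through `_self`; it starts where that route ends, with a caller-controlled block table reaching `displayBlock`.

```php
<?php
// Added example, not Twig's own code: a reduced model of the dispatch that
// Twig_Template::displayBlock performs on a block table. The base class, the
// two subclasses, NotATemplate and the block table below are assumptions of
// this example; only the displayBlock name and the instanceof check come from
// the advisory.
declare(strict_types=1);

// Stand-in for Twig_Template. Compiled blocks are methods on the template
// class; displayBlock resolves a block name to an [object, method] pair taken
// from $blocks and calls that method.
abstract class Template
{
    protected string $name;

    public function __construct(string $name)
    {
        $this->name = $name;
    }

    abstract public function displayBlock(string $name, array $context, array $blocks = []): void;

    // A compiled block, as the template class itself would carry it.
    public function block_body(array $context, array $blocks): void
    {
        echo "rendering block body of {$this->name}\n";
    }
}

// Before the fix: whatever object is stored in $blocks[$name][0] gets a
// method called on it. Nothing checks that it is a template.
class VulnerableTemplate extends Template
{
    public function displayBlock(string $name, array $context, array $blocks = []): void
    {
        if (!isset($blocks[$name])) {
            throw new LogicException(sprintf('Block "%s" is not defined.', $name));
        }
        [$template, $method] = $blocks[$name];
        $template->$method($context, $blocks);
    }
}

// After the fix: the dispatch target must be a Template instance.
class PatchedTemplate extends Template
{
    public function displayBlock(string $name, array $context, array $blocks = []): void
    {
        if (!isset($blocks[$name])) {
            throw new LogicException(sprintf('Block "%s" is not defined.', $name));
        }
        [$template, $method] = $blocks[$name];
        if (!$template instanceof Template) {
            throw new LogicException(sprintf(
                'Block "%s" must be a method on a Template instance, %s given.',
                $name,
                is_object($template) ? get_class($template) : gettype($template)
            ));
        }
        $template->$method($context, $blocks);
    }
}

// Constructed stand-in for an arbitrary non-template object. It only records
// which method was invoked on it; a real target would do something harmful.
class NotATemplate
{
    public array $calls = [];

    public function __call(string $method, array $args): void
    {
        $this->calls[] = $method;
    }
}

$foreign = new NotATemplate();
// A block table whose "body" entry points at the foreign object.
$hostileBlocks = ['body' => [$foreign, 'anyMethodAtAll']];

// Vulnerable: the foreign object's method is invoked.
(new VulnerableTemplate('index.twig'))->displayBlock('body', [], $hostileBlocks);
echo 'methods invoked on foreign object: ', implode(', ', $foreign->calls), "\n";

// Patched: the same table is rejected before any call is made.
$patched = new PatchedTemplate('index.twig');
try {
    $patched->displayBlock('body', [], $hostileBlocks);
} catch (LogicException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Patched, legitimate use: a block that really lives on a template still renders.
$patched->displayBlock('body', [], ['body' => [$patched, 'block_body']]);
```

Run it with `php example.php`: the vulnerable class reports that `anyMethodAtAll` was invoked on the foreign object, while the patched class throws before any call and still renders the genuine block. The reason the type check is the right fix is where the sandbox enforces its policy: Twig's sandbox checks attribute and method access at the point where the compiled template code performs it, whereas the call made from inside `displayBlock` is plain PHP and sees no policy check, so the type of the dispatch target is what keeps a sandboxed template from reaching a method on an arbitrary object.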

WAF Protection Rules

WAF Rule

The `displayBlock` function in `Template.php` in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the `_self` variable in a template.