Miggo Logo
Miggo Vulnerability Database
CVE-2019-16318

CVE-2019-16318: Pimcore Unrestricted Upload of File with Dangerous Type

8.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2019-16318
GHSA ID
GHSA-cxj7-4jpj-2q38
EPSS Score
0.05026%
CWE
CWE-434
Published
5/24/2022
Updated
4/24/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
pimcore/pimcorecomposer< 5.7.15.7.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the absence of filename length validation in the correctPath method before patching. The commit 732f164 explicitly adds a mb_strlen check in this method to prevent long filenames, indicating this was the vulnerable entry point. The method handles filename processing and extension renaming (.php to .php.txt), which failed when filenames exceeded 255 characters due to filesystem truncation or validation bypass.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In Pim*or* ***or* *.*.*, *n *tt**k*r wit* limit** privil***s **n *yp*ss *il*-*xt*nsion r*stri*tions vi* * ***-***r**t*r *il*n*m*, *s **monstr*t** *y t** **ilur* o* *utom*ti* r*n*min* o* .p*p to .p*p.txt *or lon* *il*n*m*s, * *i***r*nt vuln*r**ility t

Reasoning

T** vuln*r**ility st*ms *rom t** **s*n** o* `*il*n*m*` l*n*t* `v*li**tion` in t** `*orr**tP*t*` m*t*o* ***or* p*t**in*. T** *ommit `*******` *xpli*itly ***s * `m*_strl*n` ****k in t*is m*t*o* to pr*v*nt lon* `*il*n*m*s`, in*i**tin* t*is w*s t** vuln*