Miggo Logo
Miggo Vulnerability Database
CVE-2022-34026

CVE-2022-34026: ICEcoder vulnerable to Path Traversal

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-34026
GHSA ID
GHSA-fvf5-xp83-vrqp
EPSS Score
0.65894%
CWE
CWE-22
Published
9/23/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
icecoder/icecodercomposer<= 8.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from three chained functions:

  1. getConfigUsersFileDetails() builds a path using unsanitized $_POST['username'] combined with SERVER_NAME
  2. getConfigUsersSettings() accepts this untrusted path
  3. serializedFileData() performs unsafe file_get_contents() on the path This allows attackers to inject '../' sequences in the username parameter to read arbitrary files like '../../../../etc/passwd'. The user-controlled input flows directly into file operations without normalization or validation, characteristic of CWE-22 path traversal vulnerabilities.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

I***o**r v*.* *llows *tt**k*rs to *x**ut* * *ir**tory tr*v*rs*l.

Reasoning

T** vuln*r**ility st*ms *rom t*r** ***in** *un*tions: *. **t*on*i*Us*rs*il***t*ils() *uil*s * p*t* usin* uns*nitiz** $_POST['us*rn*m*'] *om*in** wit* S*RV*R_N*M* *. **t*on*i*Us*rsS*ttin*s() ****pts t*is untrust** p*t* *. s*ri*liz***il***t*() p*r*orms