CVE-2023-1578: Pimcore Remote Code Execution vulnerability in Search function

CVSS Score: 6.5 (CVSS version 3.1)

Basic Information

EPSS Score: 0.99296%
Published: 3/22/2023
Updated: 3/22/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Package Name: pimcore/pimcore
Ecosystem: composer
Vulnerable Versions: < 10.5.19
First Patched Version: 10.5.19

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from unsanitized user input in the findAction method. The patch adds preg_replace filters to remove non-alphanumeric characters from 'type', 'subtype', and 'class' parameters, proving these inputs were previously vulnerable to SQL injection. As these parameters are used to build search queries, unpatched versions would allow attackers to inject malicious SQL payloads, leading to database compromise and potential RCE via subsequent attacks.


