
CVE-2023-29689: PyroCMS remote code execution vulnerability

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.9831%
CWE: -
Published: 8/4/2023
Updated: 11/11/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: pyrocms/pyrocms
Ecosystem: composer
Vulnerable Versions: <= 3.9
First Patched Version: (none listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper handling of user input in template rendering. PyroCMS uses Twig for templating, and the critical RCE occurs when unvalidated user input is passed to Twig's render() function. This allows attackers to inject Twig template syntax (e.g., {{ malicious_code }}) that executes arbitrary PHP code. While the exact controller/file isn't specified in public disclosures, the root cause lies in Twig's Environment::render method being called with attacker-controlled input, a common SSTI pattern in PHP applications. The high confidence comes from the vulnerability's classification as SSTI leading to RCE, which directly implicates template rendering functions.
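The two render paths the analysis contrasts, as an added example that is not PyroCMS's own code: untrusted input used as template source (the SSTI pattern) beside the same input passed as a template variable. It assumes Twig 3 installed through Composer; the template name, variable name and probe string are constructed for illustration.

```php
<?php
// Added example (not PyroCMS code). Assumes Twig 3.x via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Constructed input: a harmless probe that reveals whether template
// syntax is evaluated rather than treated as plain text.
$userInput = '{{ 7 * 7 }}';

$twig = new Environment(new ArrayLoader([
    // Fixed template under the application's control; untrusted data
    // only ever enters it through the {{ name }} variable.
    'greeting.twig' => 'Hello, {{ name }}!',
]), ['autoescape' => 'html']);

// VULNERABLE PATTERN: the request string becomes template *source*, so
// Twig parses and evaluates every expression it contains. This is the
// attacker-controlled-template situation described in the analysis.
function renderVulnerable(Environment $twig, string $input): string
{
    return $twig->createTemplate($input)->render();
}

// HARDENED PATTERN: the request string is passed as a *variable* to a
// fixed template. Twig treats it as data, never as code, and the
// autoescape strategy encodes it for HTML output.
function renderSafe(Environment $twig, string $input): string
{
    return $twig->render('greeting.twig', ['name' => $input]);
}

// In the vulnerable path the arithmetic inside the braces is evaluated;
// in the safe path the braces are emitted verbatim as part of the name.
echo renderVulnerable($twig, $userInput), PHP_EOL;
echo renderSafe($twig, $userInput), PHP_EOL;
```

When reviewing a codebase for this pattern, any call to createTemplate(), or an ArrayLoader/template string built from request data, is the signal to look for; Twig's SandboxExtension can limit what an injected template may reach, but it is defense in depth, not a substitute for keeping request data out of template source.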


WAF Protection Rules

WAF Rule

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrar
