
CVE-2023-38708: Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

CVSS Score (v3.1): 6.3

Basic Information

EPSS Score: 0.00124%
Published: 8/3/2023
Updated: 11/11/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

| Package Name    | Ecosystem | Vulnerable Versions | First Patched Version |
|-----------------|-----------|---------------------|-----------------------|
| pimcore/pimcore | composer  | < 10.6.7            | 10.6.7                |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the unpatched version of importServerFilesAction which handled user-supplied file paths without proper sanitization. The commit diff shows the vulnerability was addressed by adding realpath() checks and path containment validation. The function's direct use of unsanitized user input ($request->get('files')) to build filesystem paths makes it the clear entry point for the path traversal attack. The CWE-22 mapping and patch location confirm this assessment.
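The containment pattern the analysis refers to, shown as an added example rather than Pimcore's own patch code: `resolveContainedPath` is an invented name, it canonicalises a user-supplied path with `realpath()` and rejects anything that resolves outside the import root, including the sibling-directory case that a naive prefix comparison misses.

```php
<?php
// Added illustrative example of a realpath()-based containment check.
// Not Pimcore's patch code; function and directory names are invented here.

/**
 * Resolve $userPath relative to $baseDir and return the canonical absolute
 * path only if it stays inside $baseDir; otherwise return null.
 */
function resolveContainedPath(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // the import root itself must exist
    }
    // realpath() collapses '.' and '..' and follows symlinks, so no traversal
    // sequence survives into the comparison below. It returns false for
    // paths that do not exist, which we also treat as a rejection.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null;
    }
    // Compare against base + separator: "/data/uploads-private" must not be
    // accepted for base "/data/uploads" just because it shares a prefix.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $base && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Self-check on a constructed directory layout under the system temp dir.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'contain-demo-' . getmypid();
mkdir($root . '/uploads/sub', 0700, true);
mkdir($root . '/uploads-private', 0700, true);
touch($root . '/uploads/sub/ok.csv');
touch($root . '/uploads-private/secret.log');
touch($root . '/outside.log');

$importRoot = $root . '/uploads';
$inputs = ['sub/ok.csv', 'sub/../sub/ok.csv', '../outside.log',
           '../uploads-private/secret.log', 'sub/missing.csv'];
foreach ($inputs as $userPath) {
    $resolved = resolveContainedPath($importRoot, $userPath);
    printf("%-32s => %s\n", $userPath, $resolved === null ? 'rejected' : 'accepted');
}
```

Each entry of a user-supplied list such as `$request->get('files')` would be passed through this check before any filesystem operation, and rejected entries logged rather than silently skipped.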


WAF Protection Rules

WAF Rule

### Impact

A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service.

Reasoning

The vulnerability stems from the unpatched version of `importServerFilesAction` which handled user-supplied file paths without proper sanitization. The commit diff shows the vulnerability was addressed by adding `realpath()` checks and path containment validation.