CVE-2018-19789
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-12-02 CVE Reserved
- 2018-12-18 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (8)
URL | Tag | Source
---|---|---
http://www.securityfocus.com/bid/106249 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html | Mailing List |
https://seclists.org/bugtraq/2019/May/21 | Mailing List |

URL | Date | SRC
---|---|---
https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Sensiolabs | Symfony | >= 2.7.0 < 2.7.50 | - | Affected
Sensiolabs | Symfony | >= 2.8.0 < 2.8.49 | - | Affected
Sensiolabs | Symfony | >= 3.0.0 < 3.4.20 | - | Affected
Sensiolabs | Symfony | >= 4.0.0 < 4.0.15 | - | Affected
Sensiolabs | Symfony | >= 4.1.0 < 4.1.9 | - | Affected
Sensiolabs | Symfony | >= 4.2.0 < 4.2.1 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected