CVE-2021-36766
Severity Score | Exploit Likelihood | Affected Versions | Public Exploits | Exploited in Wild | Decision |
---|---|---|---|---|---|
 | | | 2 | - | - |
Descriptions
Concrete5 through 8.5.5 deserializes untrusted data. The vulnerable code is located in the Logging::update_logging() method in controllers/single_page/dashboard/system/environment/logging.php. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via the phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-07-16 CVE Reserved
- 2021-07-20 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-08-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html | 2024-08-04 | |
http://seclists.org/fulldisclosure/2021/Jul/36 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Concretecms | Concrete Cms | < 8.5.6 | - | Affected |