CVE-2022-30117 – concrete5/core

Package

Manager: composer
Name: concrete5/core
Vulnerable Version: >=9.0.0 <9.1.0 || >=0 <8.5.8

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01582 pctl0.80898

Details

Path traversal in Concrete CMS Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting.

Metadata

Created: 2022-06-25T00:00:54Z
Modified: 2022-07-06T16:49:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-3jxh-6635-6jwp/GHSA-3jxh-6635-6jwp.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-3jxh-6635-6jwp
Finding: F063
Auto approve: 1