Описание
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service sulu_route.generator.expression_token_provider and wrap the translator before passing it to the expression language.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.44 (исключая)Версия от 2.0.0 (включая) до 2.2.18 (исключая)Версия от 2.3.0 (включая) до 2.3.8 (исключая)
Одно из
cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*
cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*
cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*
cpe:2.3:a:sulu:sulu:2.4.0:rc1:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04292
Низкий
8.5 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
EPSS
Процентиль: 89%
0.04292
Низкий
8.5 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22