CVE-2021-36766
Published on: 07/27/2021 12:00:00 AM UTC
Last Modified on: 09/22/2021 04:56:00 PM UTC
Certain versions of Concrete5 from Concrete5 contain the following vulnerability:
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
- CVE-2021-36766 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.2 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | HIGH | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
HackerOne | hackerone.com text/html |
![]() |
Concrete5 8.5.5 Phar Deserialization ≈ Packet Storm | packetstormsecurity.com text/html |
![]() |
Full Disclosure: [KIS-2021-05] Concrete5 <= 8.5.5 (Logging Settings) Phar Deserialization Vulnerability | seclists.org text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Concrete5 | Concrete5 | All | All | All | - |
Application | Concretecms | Concrete Cms | All | All | All | All |
- cpe:2.3:a:concrete5:concrete5:*:*:*:-:*:*:*:*:
- cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-36766 : Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the con… twitter.com/i/web/status/1… | 2021-07-27 07:47:35 |
![]() |
Php - CVE-2021-36766: seclists.org/fulldisclosure… | 2021-07-30 16:35:14 |