CVE-2023-2453

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/	Third Party Advisory
https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:php-fusion:phpfusion:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:58

Type	Values Removed	Values Added
References	~~() https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/ - Third Party Advisory~~	() https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/ - Third Party Advisory

08 Sep 2023, 17:27

Type	Values Removed	Values Added
First Time		Php-fusion Php-fusion phpfusion
CWE		CWE-829
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~(MISC) https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/ -~~	(MISC) https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/ - Third Party Advisory
CPE		cpe:2.3:a:php-fusion:phpfusion::::::::

05 Sep 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-05 15:15

Updated : 2024-11-21 07:58

NVD link : CVE-2023-2453

Mitre link : CVE-2023-2453

CVE.ORG link : CVE-2023-2453

JSON object : View

Products Affected

php-fusion

phpfusion

CWE

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

{"id": "CVE-2023-2453", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@synopsys.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-09-05T15:15:42.377", "references": [{"url": "https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/", "tags": ["Third Party Advisory"], "source": "disclosure@synopsys.com"}, {"url": "https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosure@synopsys.com", "description": [{"lang": "en", "value": "CWE-829"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a \u2018require_once\u2019 statement. This allows arbitrary files with the \u2018.php\u2019 extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a \u2018.php\u2019 file payload."}, {"lang": "es", "value": "La limpieza de nombres de archivo contaminados que se concatenan directamente con una ruta que posteriormente se pasa a una sentencia 'require_once' es insuficiente. Esto permite que se incluyan y ejecuten archivos arbitrarios con la extensi\u00f3n '.php' cuya ruta absoluta se conoce. No hay medios conocidos en PHPFusion a trav\u00e9s de los cuales un atacante pueda cargar y apuntar a una carga \u00fatil de archivo '.php'."}], "lastModified": "2024-11-21T07:58:38.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php-fusion:phpfusion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "593D7CFA-FF94-4476-98CF-C83A17292E94", "versionEndIncluding": "9.10.30"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@synopsys.com"}