CVE-2023-2453 (GCVE-0-2023-2453)
Vulnerability from cvelistv5
Published
2023-09-05 14:39
Modified
2024-09-27 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Summary
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:08.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T13:51:57.602390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:52:08.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PHPFusion",
"repo": "https://github.com/PHPFusion/PHPFusion",
"vendor": "PHPFusion",
"versions": [
{
"lessThanOrEqual": "9.10.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matthew Hogg"
}
],
"datePublic": "2023-09-05T14:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a \u2018require_once\u2019 statement. This allows arbitrary files with the \u2018.php\u2019 extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a \u2018.php\u2019 file payload."
}
],
"value": "There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a \u2018require_once\u2019 statement. This allows arbitrary files with the \u2018.php\u2019 extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a \u2018.php\u2019 file payload."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T14:39:10.011Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local file Inclusion (LFI) in Forum Infusion via Directory Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisabling the \u201cForum\u201d Infusion through the admin panel removes the endpoint through which this vulnerability is exploited, and so prevents the issue. If the \u201cForum\u201d Infusion cannot be disabled, technologies such as a web application firewall may help to mitigate exploitation attempts.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nDisabling the \u201cForum\u201d Infusion through the admin panel removes the endpoint through which this vulnerability is exploited, and so prevents the issue. If the \u201cForum\u201d Infusion cannot be disabled, technologies such as a web application firewall may help to mitigate exploitation attempts.\u00a0\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2023-2453",
"datePublished": "2023-09-05T14:39:10.011Z",
"dateReserved": "2023-05-01T16:45:27.226Z",
"dateUpdated": "2024-09-27T13:52:08.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-2453\",\"sourceIdentifier\":\"disclosure@synopsys.com\",\"published\":\"2023-09-05T15:15:42.377\",\"lastModified\":\"2024-11-21T07:58:38.753\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a \u2018require_once\u2019 statement. This allows arbitrary files with the \u2018.php\u2019 extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a \u2018.php\u2019 file payload.\"},{\"lang\":\"es\",\"value\":\"La limpieza de nombres de archivo contaminados que se concatenan directamente con una ruta que posteriormente se pasa a una sentencia \u0027require_once\u0027 es insuficiente. Esto permite que se incluyan y ejecuten archivos arbitrarios con la extensi\u00f3n \u0027.php\u0027 cuya ruta absoluta se conoce. No hay medios conocidos en PHPFusion a trav\u00e9s de los cuales un atacante pueda cargar y apuntar a una carga \u00fatil de archivo \u0027.php\u0027.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosure@synopsys.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"disclosure@synopsys.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-829\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-829\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php-fusion:phpfusion:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.10.30\",\"matchCriteriaId\":\"593D7CFA-FF94-4476-98CF-C83A17292E94\"}]}]}],\"references\":[{\"url\":\"https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/\",\"source\":\"disclosure@synopsys.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T06:26:08.887Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-2453\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-27T13:51:57.602390Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-27T13:52:03.986Z\"}}], \"cna\": {\"title\": \"Local file Inclusion (LFI) in Forum Infusion via Directory Traversal\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Matthew Hogg\"}], \"impacts\": [{\"capecId\": \"CAPEC-252\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-252 PHP Local File Inclusion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/PHPFusion/PHPFusion\", \"vendor\": \"PHPFusion\", \"product\": \"PHPFusion\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.10.30\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2023-09-05T14:30:00.000Z\", \"references\": [{\"url\": \"https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"\\nDisabling the \\u201cForum\\u201d Infusion through the admin panel removes the endpoint through which this vulnerability is exploited, and so prevents the issue. If the \\u201cForum\\u201d Infusion cannot be disabled, technologies such as a web application firewall may help to mitigate exploitation attempts.\\u00a0\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDisabling the \\u201cForum\\u201d Infusion through the admin panel removes the endpoint through which this vulnerability is exploited, and so prevents the issue. If the \\u201cForum\\u201d Infusion cannot be disabled, technologies such as a web application firewall may help to mitigate exploitation attempts.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a \\u2018require_once\\u2019 statement. This allows arbitrary files with the \\u2018.php\\u2019 extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a \\u2018.php\\u2019 file payload.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a \\u2018require_once\\u2019 statement. This allows arbitrary files with the \\u2018.php\\u2019 extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a \\u2018.php\\u2019 file payload.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-829\", \"description\": \"CWE-829 Inclusion of Functionality from Untrusted Control Sphere\"}]}], \"providerMetadata\": {\"orgId\": \"8cad7728-009c-4a3d-a95e-ca62e6ff8a0b\", \"shortName\": \"SNPS\", \"dateUpdated\": \"2023-09-05T14:39:10.011Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-2453\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-27T13:52:08.560Z\", \"dateReserved\": \"2023-05-01T16:45:27.226Z\", \"assignerOrgId\": \"8cad7728-009c-4a3d-a95e-ca62e6ff8a0b\", \"datePublished\": \"2023-09-05T14:39:10.011Z\", \"assignerShortName\": \"SNPS\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…