CVE-2021-23835

{"id": "CVE-2021-23835", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-01-15T07:15:13.970", "references": [{"url": "http://packetstormsecurity.com/files/160936/flatCore-CMS-XSS-File-Disclosure-SQL-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/flatCore/flatCore-CMS", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sec-consult.com/vulnerability-lab/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc."}, {"lang": "es", "value": "Se detect\u00f3 un problema en flatCore versiones anteriores a 2.0.0 compilaci\u00f3n 139. Se identific\u00f3 una vulnerabilidad de divulgaci\u00f3n de archivos locales en el par\u00e1metro del cuerpo de una petici\u00f3n HTTP docs_file body para la interfaz acp. Esto puede ser explotado con derechos de acceso de administrador. Se encontr\u00f3 que el par\u00e1metro afectado (que recupera el contenido del archivo especificado) acepta la entrada de usuarios maliciosos sin un saneamiento apropiado, conllevando entonces a una recuperaci\u00f3n de archivos confidenciales del servidor del backend, por ejemplo, /etc/passwd, archivos de la base de datos SQLite, c\u00f3digo fuente PHP, etc"}], "lastModified": "2021-01-22T16:14:46.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flatcore:flatcore:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "295D969A-0491-4679-8414-BDCCA13B7563", "versionEndIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}