Platform: php
Component: concrete5/core
Fixed in: 8.5.9, 9.1.0
CVE-2022-30117 is a critical Path Traversal vulnerability affecting concrete5/core versions up to 9.0.2. This flaw allows attackers to potentially delete arbitrary files within the CMS, leading to system instability or data loss. The vulnerability resides in the file upload functionality and has been remediated in version 9.1.0 through input sanitization and logic changes.
The primary impact of CVE-2022-30117 is arbitrary file deletion. An attacker exploiting this vulnerability could delete critical system files, configuration files, or user data, disrupting the concrete5 installation or compromising sensitive information. The ability to delete files grants a significant level of control over the affected system. While the CVSS score reflects a high impact, exploitation requires high privileges: an authenticated user must manipulate the file upload process, so the flaw is not easily exploitable. This vulnerability shares similarities with other path traversal flaws, where attackers leverage predictable file system structures to gain unauthorized access to, or modify, system resources.
CVE-2022-30117 was disclosed on June 25, 2022, following a report from Siebene. While no active exploitation campaigns have been publicly confirmed, the vulnerability's critical severity and potential impact warrant immediate attention. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, increasing the risk of exploitation.
Organizations running concrete5/core versions 8.5.7 and below, as well as versions 9.0 through 9.0.2, are at significant risk. Shared hosting environments using concrete5 are particularly vulnerable due to the potential for cross-site contamination. Users who have implemented custom file upload scripts without proper validation are also at increased risk.
• php: Examine web server access logs for requests to /index.php/ccm/system/file/upload containing suspicious characters like .. or absolute paths. The first grep narrows to the upload endpoint; the second flags traversal sequences, plain or percent-encoded (the original single-pattern grep treated the dots as regex wildcards and matched every upload request).
  grep 'ccm/system/file/upload' /var/log/apache2/access.log | grep -E '\.\.[/\\]|%2[eE]%2[eE]'
• php: Check the concrete5 installation directory for unusual files or modifications (files changed in the last 7 days).
  find /path/to/concrete5 -type f -mtime -7 -print
• generic web: Monitor file upload endpoints for unexpected file extensions or sizes.
• generic web: Review application code for insecure file handling practices, particularly in file upload routines.
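The grep above is a quick triage; the script below is an added example (not part of this advisory and not concrete5's code) that does the same check more carefully over access-log lines: it percent-decodes the request target a bounded number of times so double-encoded `..` is caught, and only flags `..` when it stands as a path segment, so names like report..pdf are not false positives. The log lines and the `name` query parameter are constructed for the example and do not reflect concrete5's real upload API.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format lines (not real traffic). The "name"
# query parameter is an assumption made for this example, not concrete5's API.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Jun/2022:10:01:02 +0000] "POST /index.php/ccm/system/file/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [25/Jun/2022:10:02:15 +0000] "POST /index.php/ccm/system/file/upload?name=../../../../etc/passwd HTTP/1.1" 200 88 "-" "curl/7.81.0"
203.0.113.12 - - [25/Jun/2022:10:03:40 +0000] "POST /index.php/ccm/system/file/upload?name=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 88 "-" "python-requests/2.28"
203.0.113.13 - - [25/Jun/2022:10:04:05 +0000] "POST /index.php/ccm/system/file/upload?name=/etc/passwd HTTP/1.1" 200 88 "-" "curl/7.81.0"
203.0.113.14 - - [25/Jun/2022:10:05:11 +0000] "POST /index.php/ccm/system/file/upload?name=report..pdf HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.15 - - [25/Jun/2022:10:06:30 +0000] "GET /index.php/dashboard/files?name=../x HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# client ip, timestamp, method, request target, status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
UPLOAD_ENDPOINT = "ccm/system/file/upload"
# ".." counts only as a whole path segment or at the start of a parameter value
TRAVERSAL = re.compile(r'(?:^|[/\\?=&;])\.\.(?:[/\\]|$)')
# a query value that begins with an absolute Unix or Windows path
ABSOLUTE_PARAM = re.compile(r'[?&][^=&]*=(?:/|[A-Za-z]:\\)')


def decode_target(target, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded ../ is visible."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify_request(target):
    """Return 'traversal', 'absolute' or None for one request target."""
    decoded = decode_target(target)
    if UPLOAD_ENDPOINT not in decoded.lower():
        return None          # only the upload endpoint is of interest here
    if TRAVERSAL.search(decoded):
        return "traversal"
    if ABSOLUTE_PARAM.search(decoded):
        return "absolute"
    return None


def scan_access_log(text):
    """Return (client_ip, timestamp, reason, decoded_target) for suspicious uploads."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, ts, _method, target, _status = m.groups()
        reason = classify_request(target)
        if reason:
            hits.append((ip, ts, reason, decode_target(target)))
    return hits


if __name__ == "__main__":
    for ip, ts, reason, target in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} {reason:9s} {target}")
```

Feed it a real access log with `scan_access_log(open(path).read())`; hits on the upload endpoint from authenticated sessions are the ones worth correlating with concrete5's own file-manager activity, since the flaw requires an authenticated user.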
Disclosure
Patch
Exploit status
EPSS: 0.72% (72nd percentile)
CVSS vector
The primary mitigation for CVE-2022-30117 is to immediately upgrade concrete5/core to version 9.1.0 or later. If upgrading is not immediately feasible, consider implementing strict file upload validation on the server-side to prevent malicious file names. Web application firewalls (WAFs) configured with rules to block path traversal attempts targeting the /index.php/ccm/system/file/upload endpoint can provide an additional layer of defense. Regularly review file permissions and ensure that the concrete5 installation directory is not publicly writable. After upgrading, confirm the fix by attempting a file upload with a path traversal payload (e.g., ../../../../etc/passwd) and verifying that the upload fails with an appropriate error message.
Update Concrete CMS to version 8.5.8 or higher, or to version 9.1.0 or higher. This fixes the path traversal vulnerability in the file upload component.
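The interim mitigation above calls for strict server-side validation of upload file names. The code below is an added example of what that looks like, written here for illustration and not taken from concrete5 or its patch: a client-supplied name is accepted only if it is a single safe path component (no separators, no leading dot, no control bytes), and both the store and the delete helper re-check, after resolving symlinks, that the final path still sits directly inside the upload directory. The `self_check` routine exercises it in a throwaway directory, including the traversal payload the advisory suggests for verification; all directory names and inputs are constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# One path component: starts with an alphanumeric, then only [A-Za-z0-9._-].
# \Z (not $) so a trailing newline cannot sneak past the check.
SAFE_NAME = re.compile(r'[A-Za-z0-9][A-Za-z0-9._-]{0,254}\Z')


class UnsafeFilename(ValueError):
    """Raised when a client-supplied file name is rejected."""


def validate_filename(name):
    """Accept only a bare, well-formed file name; reject separators, '..', dotfiles."""
    if not SAFE_NAME.match(name):
        raise UnsafeFilename(repr(name))
    return name


def resolve_inside(upload_root, name):
    """Absolute path for `name` inside upload_root, re-checked after symlink resolution."""
    root = Path(upload_root).resolve()
    candidate = (root / validate_filename(name)).resolve()
    if candidate.parent != root:          # defence in depth: a symlink could point outside
        raise UnsafeFilename(repr(name))
    return candidate


def store_upload(upload_root, name, data):
    """Write an upload under its validated name and return the final path."""
    path = resolve_inside(upload_root, name)
    path.write_bytes(data)
    return path


def delete_upload(upload_root, name):
    """Delete an upload only if it is a regular file directly inside upload_root."""
    if (Path(upload_root) / validate_filename(name)).is_symlink():
        raise UnsafeFilename(repr(name))  # never follow a planted link
    path = resolve_inside(upload_root, name)
    if not path.is_file():
        raise FileNotFoundError(name)
    path.unlink()


def self_check():
    """Exercise the helpers in a temporary directory; returns the outcome per input."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads"
        root.mkdir()
        for name in ["report..pdf", "../../../../etc/passwd", "..", "sub/evil.php",
                     "ok\\..\\evil.php", "bad\x00.txt", ".htaccess"]:
            try:
                store_upload(root, name, b"constructed sample content")
                results[name] = "stored"
            except UnsafeFilename:
                results[name] = "rejected"
        # A symlink planted inside the upload directory must not let delete reach outside.
        outside = Path(tmp) / "outside.txt"
        outside.write_bytes(b"keep me")
        (root / "link.txt").symlink_to(outside)
        try:
            delete_upload(root, "link.txt")
            results["link.txt"] = "deleted"
        except UnsafeFilename:
            results["link.txt"] = "rejected"
        results["outside_intact"] = outside.exists()
        # Deleting a legitimately stored file still works.
        delete_upload(root, "report..pdf")
        results["report_removed"] = not (root / "report..pdf").exists()
    return results


if __name__ == "__main__":
    for key, outcome in self_check().items():
        print(f"{key!r}: {outcome}")
```

Rejecting rather than silently stripping directory components matches the advisory's verification step: a traversal payload should fail with an error, not be quietly stored under its basename. The post-resolution parent check is what protects the delete path, which is the operation this CVE actually exposes.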
CVE-2022-30117 is a critical Path Traversal vulnerability in concrete5/core versions up to 9.0.2, allowing attackers to potentially delete arbitrary files.
If you are running concrete5/core versions 8.5.7 and below, or versions 9.0 through 9.0.2, you are affected by this vulnerability.
Upgrade to concrete5/core version 9.1.0 or later to remediate the vulnerability. Implement file upload validation as a temporary workaround.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and available proof-of-concept exploits suggest a potential risk.
Refer to the official concrete5 security advisory for detailed information and updates: https://www.concretecms.com/blog/concrete5-security-advisory-cve-2022-30117/