CVE-2018-19789

MEDIUM Year: 2018
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.

Related Vulnerabilities

CVE-2018-16821

MEDIUM
CVSS:5.3(Medium)

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.

CWE-4342018

CVE-2021-29022

MEDIUM
CVSS:5.3(Medium)

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.

CWE-4342021

CVE-2023-38330

MEDIUM
CVSS:5.3(Medium)

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP ...

CWE-4342023

CVE-2023-40183

MEDIUM
CVSS:5.3(Medium)

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `Im...

CWE-4342023

CVE-2023-44962

MEDIUM
CVSS:5.3(Medium)

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.

CWE-4342023