Description

uWSGI is a software application that "aims at developing a full stack for building hosting services".

The uWSGI PHP plugin before 2.0.17 is vulnerable to Path Traversal Vulnerability when used without specifying the php-allowed-docroot option.

The vulnerability exists due to improper validation of the file path when requesting a resource under the DOCUMENT_ROOT directory which is specified via php-docroot.

A remote attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences (..%2f).

Remediation

Upgrade to the latest version uWSGI. This vulnerability was fixed in uWSGI version 2.0.17.

References

uWSGI PHP Plugin Directory Traversal

uWSGI 2.0.17

Related Vulnerabilities

Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013)

WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-29425)

Play Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-13864)

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Directory Traversal (5.5.4)

WordPress Plugin WP e-Commerce Shop Styling Local File Inclusion (2.9.1)

Severity

High

Classification

CVE-2018-7490 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Directory Traversal