
GHSA-3vwr-jj4f-h98x
PHP vulnerability analysis and mitigation

Overview

The vulnerability (EZSA-2020-001) is a remote code execution (RCE) vulnerability in the file upload handling mechanism of eZ Platform and eZ Publish Legacy. The issue was discovered and disclosed on March 3, 2020, affecting multiple versions including ezsystems/ezpublish-kernel (v7.5.6, v6.13.6, v5.4.14) and ezsystems/ezpublish-legacy (v2019.03.4, v2017.12.7, v5.4.14). The vulnerability was patched in versions v7.5.6.2, v6.13.6.2 and v5.4.14.1 for ezpublish-kernel, and v2019.03.4.2, v2017.12.7.2 and v5.4.14.1 for ezpublish-legacy (EZ Platform).

Technical details

The vulnerability exists in the file upload handling mechanism: under certain web server configurations, an uploaded PHP file could be executed. The issue primarily affects systems that do not use the recommended vhost configuration, and it is particularly concerning with PHP's built-in webserver, which does not apply that protective configuration by default. The security fix added a blacklist for uploaded filenames, blocking potentially dangerous file extensions including php, php3, phar, phpt, pht, phtml, and pgif. Additionally, protection against path traversal was implemented, though this attack vector was not reproducible in testing (EZ Platform).

Impact

The vulnerability could lead to remote code execution, which is considered a severe security threat. However, the impact is limited by the requirement that an attacker would need access to file upload functionality to exploit the vulnerability. Systems using the recommended vhost configuration were largely protected from exploitation (EZ Platform).

Mitigation and workarounds

The primary mitigation is to update to the patched versions. For Nginx users, the recommended vhost configuration (as specified in v2.5) provides protection by ensuring that only app.php in the web root is executed; similar protection exists for Apache users who follow the recommended configuration. The security update also introduced a configurable blacklist for uploaded filenames, set via ezsettings.default.io.filestorage.filetype_blacklist for eZ Platform and FileExtensionBlackList in settings/file.ini for eZ Publish Legacy (EZ Platform).
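The following is an added example, not eZ Platform's or eZ Publish Legacy's own code: a standalone PHP check that mirrors the idea of the filetype_blacklist / FileExtensionBlackList settings using the extension list named in the advisory. It goes beyond the advisory text by rejecting blacklisted extensions in any dotted segment (double extensions) and by refusing path separators and ".." in the client-supplied name; function and constant names are assumptions.

```php
<?php
// Extension list from the advisory; the rest of this file is illustrative (assumed) code.
const BLACKLISTED_EXTENSIONS = ['php', 'php3', 'phar', 'phpt', 'pht', 'phtml', 'pgif'];

/**
 * Returns null when the uploaded filename is acceptable, otherwise a reason string.
 * Intended to run on the client-supplied name before the file is stored.
 */
function checkUploadFilename(string $filename, array $blacklist = BLACKLISTED_EXTENSIONS): ?string
{
    // Null bytes can truncate the name in lower layers; reject them outright.
    if (strpos($filename, "\0") !== false) {
        return 'null byte in filename';
    }
    // Path traversal: the stored name must be a bare filename, never a path.
    if ($filename !== basename($filename) || strpos($filename, '..') !== false) {
        return 'path separators or ".." are not allowed';
    }

    // Check every dotted segment after the base name, not only the last one,
    // so a name such as "photo.php.jpg" is also rejected (some Apache setups
    // with AddHandler evaluate every extension in the name).
    $segments = explode('.', strtolower($filename));
    array_shift($segments); // drop the base name
    foreach ($segments as $segment) {
        if (in_array($segment, $blacklist, true)) {
            return "extension '.$segment' is blacklisted";
        }
    }
    return null;
}

// Constructed sample names exercising the accept and reject paths.
$samples = ['report.pdf', 'upload.php', 'upload.PHTML', 'photo.php.jpg', '../web/upload.phar', 'photo.jpeg'];
foreach ($samples as $name) {
    $reason = checkUploadFilename($name);
    printf("%-22s %s\n", $name, $reason === null ? 'accepted' : "rejected: $reason");
}
```

This check complements, rather than replaces, a vhost configuration that only passes app.php to the PHP interpreter.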

This report was generated using AI.
