{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T14:32:02.705","vulnerabilities":[{"cve":{"id":"CVE-2021-43836","sourceIdentifier":"security-advisories@github.com","published":"2021-12-15T20:15:08.733","lastModified":"2024-11-21T06:29:53.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."},{"lang":"es","value":"Sulu es un sistema de administración de contenidos PHP de código abierto basado en el framework Symfony. En las versiones afectadas, un atacante puede leer archivos locales arbitrarios por medio de una inclusión de archivos PHP. En una configuración por defecto esto también conlleva a una ejecución de código remota. El problema está parcheado con las versiones 1.6.44, 2.2.18, 2.3.8, 2.4.0. Para usuarios que no puedan actualizar sobrescribir el servicio \"sulu_route.generator.expression_token_provider\" y envolver el traductor antes de pasarlo al lenguaje de expresión"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.44","matchCriteriaId":"838D4309-D6D9-4884-B6C7-F4529DD7AD68"},{"vulnerable":true,"criteria":"cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.2.18","matchCriteriaId":"7B6E9B64-0B43-40AD-B0B4-C8BA5EEA6F31"},{"vulnerable":true,"criteria":"cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.8","matchCriteriaId":"354C0B42-D950-497B-B3B7-09EA07063564"},{"vulnerable":true,"criteria":"cpe:2.3:a:sulu:sulu:2.4.0:rc1:*:*:*:*:*:*","matchCriteriaId":"2889EBAA-7A15-436C-9658-CA67F7122DC1"}]}]}],"references":[{"url":"https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}