Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x prior to 1.2.7 Final and 1.3.x prior to 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
impresscms impresscms 1.2.3 |
||
impresscms impresscms 1.2 |
||
impresscms impresscms 1.2.1 |
||
impresscms impresscms 1.3 |
||
impresscms impresscms 1.2.4 |
||
impresscms impresscms 1.2.5 |
||
impresscms impresscms 1.2.6 |