CVE-2014-1836

Published: 01/07/2015 Updated: 02/07/2015
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS prior to 1.3.6 allows remote malicious users to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

Vulnerable Product

impresscms impresscms

Exploits

I have discovered two vulnerabilities in ImpressCMS. These have been fixed in the new 1.3.6 version, which you can get at sourceforge.net/projects/impresscms/files/ImpressCMS%20Official%20Releases/ImpressCMS%201.3%20Branch/ImpressCMS%201.3.6/. One is an arbitrary file deletion and the other is two cross site scripting issues. Note that I w ...