CVE-2014-1836
EPSS 18.5%
ImpressCMS Path Traversal to Arbitrary File Delete
Published: 2022/5/17
Modified: 2023/11/8
Description
Absolute path traversal vulnerability in `htdocs/libraries/image-editor/image-edit.php` in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the `image_path` parameter in a cancel action.
Affected packages (1)
- Packagist/impresscms/impresscms: from 0, < 1.3.6
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2014-1836
- WEB: http://community.impresscms.org/modules/smartsection/item.php?itemid=675
- WEB: http://seclists.org/fulldisclosure/2014/Feb/14
- WEB: https://github.com/ImpressCMS/impresscms/issues/914
- WEB: https://github.com/pedrib/PoC/blob/master/generic/impresscms-1.3.5.txt
- WEB: https://web.archive.org/web/20200228234251/http://www.securityfocus.com/bid/65279