Skip to content

ImpressCMS Path Traversal to Arbitrary File Delete

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Aug 16, 2023

Package

composer impresscms/impresscms (Composer)

Affected versions

< 1.3.6

Patched versions

1.3.6

Description

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

References

Published by the National Vulnerability Database Jul 1, 2015
Published to the GitHub Advisory Database May 17, 2022
Reviewed Aug 16, 2023
Last updated Aug 16, 2023

Severity

Moderate

EPSS score

15.776%
(96th percentile)

Weaknesses

CVE ID

CVE-2014-1836

GHSA ID

GHSA-wcj4-ff9m-5r7g

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.