Directory Traversal Vulnerability in ImpressCMS by ImpressCMS
CVE-2012-0987

Currently unrated

Key Information:

Vendor: Impresscms
Status: Impresscms
Vendor: CVE Published:; 6 October 2012

What is CVE-2012-0987?

A directory traversal vulnerability exists in edituser.php of ImpressCMS versions prior to 1.2.7 Final and 1.3.1 Final. This flaw allows remote authenticated users to exploit the system by manipulating the icmsConfigPlugins[sanitizer_plugins][] parameter. By using the .. (dot dot) sequence, attackers can potentially include and execute arbitrary local files on the server, leading to severe security implications and unauthorized data access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72146

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/51268

vdb-entryx_refsource_BID

https://www.htbridge.com/advisory/HTB23064

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2012
Vulnerability Reserved
Feb 2, 2012

CVE-2012-0987 Data

JSON

Impresscms

What is CVE-2012-0987?

References

Timeline