Vulnerability Description
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Impresscms | Impresscms | <= 1.3.5 |
Related Weaknesses (CWE)
References
- http://community.impresscms.org/modules/smartsection/item.php?itemid=675Vendor Advisory
- http://osvdb.org/show/osvdb/102770
- http://seclists.org/fulldisclosure/2014/Feb/14
- http://www.securityfocus.com/bid/65279
- https://github.com/pedrib/PoC/blob/master/generic/impresscms-1.3.5.txtExploit
- http://community.impresscms.org/modules/smartsection/item.php?itemid=675Vendor Advisory
- http://osvdb.org/show/osvdb/102770
- http://seclists.org/fulldisclosure/2014/Feb/14
- http://www.securityfocus.com/bid/65279
- https://github.com/pedrib/PoC/blob/master/generic/impresscms-1.3.5.txtExploit
FAQ
What is CVE-2014-1836?
CVE-2014-1836 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path...
How severe is CVE-2014-1836?
CVE-2014-1836 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1836?
Check the references section above for vendor advisories and patch information. Affected products include: Impresscms Impresscms.