Path traversal in ImpressCMS - CVE-2012-0987
Published: October 7, 2012 / Updated: July 6, 2023
Vulnerability identifier: #VU43426
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-0987
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: The ImpressCMS Project
Affected software:
ImpressCMS
ImpressCMS
Detailed vulnerability description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final. A remote authenticated attacker can send a specially crafted HTTP request and remote authenticated users to include and execute arbitrary local files via a . (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
How to mitigate CVE-2012-0987
Install update from vendor's website.
Sources
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html
- http://community.impresscms.org/modules/smartsection/item.php?itemid=579
- http://secunia.com/advisories/47448
- http://www.osvdb.org/78143
- http://www.securityfocus.com/bid/51268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72146
- https://www.htbridge.com/advisory/HTB23064