Back to search
CVE-2012-0987
Published: Oct 6, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
impresscms-edituser-file-include(72146)
vdb-entry
x_refsource_XF
51268
vdb-entry
x_refsource_BID
https://www.htbridge.com/advisory/HTB23064
x_refsource_MISC
http://community.impresscms.org/modules/smartsection/item.php?itemid=579
x_refsource_CONFIRM
78143
vdb-entry
x_refsource_OSVDB
47448
third-party-advisory
x_refsource_SECUNIA
20120104 Multiple vulnerabilities in ImpressCMS
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now