← back
CVE-2014-1836

CVE-2014-1836

EPSS 3.7%
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/31431unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://community.impresscms.org/modules/smartsection/item.php?itemid=675http://osvdb.org/show/osvdb/102770http://seclists.org/fulldisclosure/2014/Feb/14https://github.com/pedrib/PoC/blob/master/generic/impresscms-1.3.5.txthttp://www.securityfocus.com/bid/65279