Description
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
References (7)
Core References
Vendor Advisory (x_refsource_misc): https://www.htbridge.com/advisory/HTB23064
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/72146
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/51268
Patch, Vendor Advisory (x_refsource_confirm): http://community.impresscms.org/modules/smartsection/item.php?itemid=579
Exploit (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/78143
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/47448
Exploit (mailing-list, x_refsource_bugtraq): http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html
Scores
EPSS
0.0152
EPSS Percentile
71.5%
Details
CWE
CWE-22
Status
published
Products (7)
impresscms/impresscms 1.2 alpha1 (6 CPE variants)
impresscms/impresscms 1.2.1 beta (3 CPE variants)
impresscms/impresscms 1.2.3 beta (4 CPE variants)
impresscms/impresscms 1.2.4 final
impresscms/impresscms 1.2.5 final
impresscms/impresscms 1.2.6 final
impresscms/impresscms 1.3
Published
Oct 06, 2012
Tracked Since
Feb 18, 2026