CVE-2014-1836

ImpressCMS < 1.3.6 - Path Traversal and Arbitrary File Deletion via Image Path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1836. PoCs published by Pedro Ribeiro.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file deletion vulnerability and two XSS vulnerabilities in ImpressCMS 1.3.5. The file deletion is achieved via a crafted POST request to `image-edit.php`, while the XSS issues are present in `misc.php` and `admin.php` due to improper input sanitization.

Description

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Pedro Ribeiro · textwebappsphp
https://www.exploit-db.com/exploits/31431

The exploit demonstrates an arbitrary file deletion vulnerability and two XSS vulnerabilities in ImpressCMS 1.3.5. The file deletion is achieved via a crafted POST request to `image-edit.php`, while the XSS issues are present in `misc.php` and `admin.php` due to improper input sanitization.

Classification
Working Poc 90%
Attack Type
Xss | Other
Complexity
Trivial
Reliability
Reliable
Target: ImpressCMS 1.3.5
No auth needed
Prerequisites: Access to the target ImpressCMS instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Feb/14
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65279
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/102770

Scores

EPSS 0.1854
EPSS Percentile 95.4%

Details

CWE
CWE-22
Status published
Products (2)
impresscms/impresscms < 1.3.5
impresscms/impresscms 0 - 1.3.6Packagist
Published Jul 01, 2015
Tracked Since Feb 18, 2026