CVE-2014-1836
ImpressCMS <1.3.6 - Path Traversal
Title source: llmDescription
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Pedro Ribeiro · textwebappsphp
https://www.exploit-db.com/exploits/31431
References (5)
Scores
EPSS
0.1854
EPSS Percentile
95.3%
Details
CWE
CWE-22
Status
published
Products (2)
impresscms/impresscms
< 1.3.5
impresscms/impresscms
0 - 1.3.6Packagist
Published
Jul 01, 2015
Tracked Since
Feb 18, 2026