Lucene search
HistoryJul 01, 2015 - 2:59 p.m.
CVE-2014-1836
cve
2014
1836
absolute path traversal
htdocs
libraries
image-editor
image-edit.php
impresscms
remote attackers
delete
arbitrary files
full pathname
image_path parameter
cancel action
6.8 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.151 Low
EPSS
Percentile
95.8%
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
| CPE | Name | Operator | Version |
|---|---|---|---|
| impresscms:impresscms | impresscms | le | 1.3.5 |
Related
github
github
ImpressCMS Path Traversal to Arbitrary File Delete
2022-05-17 04:12:03
packetstorm
packetstorm
ImpressCMS 1.3.5 XSS / File Deletion
2014-02-04 00:00:00
zdt
zdt
ImpressCMS 1.3.5 - Multiple Vulnerabilities
2014-02-05 00:00:00
osv
osv
ImpressCMS Path Traversal to Arbitrary File Delete
2022-05-17 04:12:03
cvelist
cvelist
CVE-2014-1836
2015-07-01 14:00:00
prion
prion
Path traversal
2015-07-01 14:59:00
6.8 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.151 Low
EPSS
Percentile
95.8%
Related for CVE-2014-1836