3 matches found
CVE-2021-26601
ImpressCMS prior to 1.4.3 contains a directory traversal flaw in libraries/image-editor/image-edit.php via the image_temp parameter. Multiple connected sources (RH/CVE-2021-26601, GHSA-4Q96-9F63-P7JJ, OSV, CNVD) confirm a path traversal vulnerability affecting this script. Reported impact include...
ImpressCMS 1.4.2 Path Traversal Vulnerability
----------------------------------------------------------------- ImpressCMS getVar 'imagename' 162. if @unlink ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp 163. $msg = MDAMDBUPDATED; ... 190. else 191. if copy ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp, $categpath . $imgname 192. @unlink...
ImpressCMS 1.4.2 Path Traversal
----------------------------------------------------------------- ImpressCMS getVar 'imagename' 162. if @unlink ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp 163. $msg = MDAMDBUPDATED; ... 190. else 191. if copy ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp, $categpath . $imgname 192. @unlink...