CVE-2012-0987 Information
Feb 14, 2021
cve
Description
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
Reference
http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html http://community.impresscms.org/modules/smartsection/item.php?itemid=579 http://secunia.com/advisories/47448 http://www.osvdb.org/78143 http://www.securityfocus.com/bid/51268 https://exchange.xforce.ibmcloud.com/vulnerabilities/72146 https://www.htbridge.com/advisory/HTB23064
Share on: