Multiple vulnerabilities in ImpressCMS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2012-0986 CVE-2012-0987 |
| CWE-ID | CWE-79 CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ImpressCMS Web applications / CMS |
| Vendor | The ImpressCMS Project |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU43425
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-0986
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final when processing the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsImpressCMS: 1.2 - 1.3
External linkshttp://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html
http://community.impresscms.org/modules/smartsection/item.php?itemid=579
http://secunia.com/advisories/47448
http://www.osvdb.org/78140
http://www.osvdb.org/78141
http://www.osvdb.org/78142
http://www.securityfocus.com/bid/51268
http://exchange.xforce.ibmcloud.com/vulnerabilities/72145
http://www.htbridge.com/advisory/HTB23064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU43426
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-0987
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final. A remote authenticated attacker can send a specially crafted HTTP request and remote authenticated users to include and execute arbitrary local files via a . (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
MitigationInstall update from vendor's website.
Vulnerable software versionsImpressCMS: 1.2 - 1.3
External linkshttp://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html
http://community.impresscms.org/modules/smartsection/item.php?itemid=579
http://secunia.com/advisories/47448
http://www.osvdb.org/78143
http://www.securityfocus.com/bid/51268
http://exchange.xforce.ibmcloud.com/vulnerabilities/72146
http://www.htbridge.com/advisory/HTB23064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
