#VU43426 Path traversal in ImpressCMS
Vulnerability identifier: #VU43426
Vulnerability risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ImpressCMS
Web applications /
CMS
Vendor: The ImpressCMS Project
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final. A remote authenticated attacker can send a specially crafted HTTP request and remote authenticated users to include and execute arbitrary local files via a . (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
Mitigation
Install update from vendor's website.
Vulnerable software versions
ImpressCMS: 1.2 - 1.3
External links
http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html
http://community.impresscms.org/modules/smartsection/item.php?itemid=579
http://secunia.com/advisories/47448
http://www.osvdb.org/78143
http://www.securityfocus.com/bid/51268
http://exchange.xforce.ibmcloud.com/vulnerabilities/72146
http://www.htbridge.com/advisory/HTB23064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
