CVE-2012-0987
Published Oct 6, 2012
Last updated 7 years ago
Overview
- Description
- Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1562813-DF7E-44B4-B1A8-BA1D29EA36A0"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2:alpha2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E03BAC32-4EED-461D-9A3F-8950DDF9137B"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10325A08-8E84-453E-AB40-FF77BEDDCE8D"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2:final:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "866FCF80-E8F4-4A13-B4CB-85FABB7EFCBF"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D5B1D85-C58A-44C0-9F63-AA80F21F41A9"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6BBB64A-A7AF-42A5-9987-ADE774EB4450"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC070D86-BA9D-4C59-8A9F-EAF6BC8AB69E"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.1:final:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F316CCA3-CCE8-4035-B960-A15287BE23BB"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.1:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "977FACD8-32A3-4763-ABEC-A8500DA0EA87"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34A85AA9-8989-4D67-B64A-87D2A3589A10"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:final:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F00634F3-707C-4C5E-AC49-87B472D83C19"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "680AD01C-40AF-4ABA-9214-059A72874FE0"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1C7FF42-9CD7-4692-9FA0-17B59D82D952"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.4:final:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DC5894E-9EFE-4858-9EC7-18E89B01A117"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.5:final:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA31879B-D41E-4E14-91CD-4511E4A8E34F"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.2.6:final:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C80928E3-8A4A-4155-9F97-DF96BBA10F19"
},
{
"criteria": "cpe:2.3:a:impresscms:impresscms:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03CF5F6A-6B9D-4E10-B635-F02621110472"
}
],
"operator": "OR"
}
]
}
]