oss-sec mailing list archives
Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS
From: Pedro Ribeiro <pedrib () gmail com>
Date: Mon, 3 Feb 2014 00:19:47 +0000
On 31 January 2014 15:14, <cve-assign () mitre org> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1https://github.com/pedrib/PoC/blob/master/ImpressCMS/impresscms-1.3.5.txt ImpressCMS 1.3.5 vulnerabilitiesVulnerability: Deletion of arbitrary files in the system File(line): /impresscms/htdocs/libraries/image-editor/image-edit.php(62) if (file_exists ( $image_path )) { @unlink ( $image_path ); 192.168.56.101/impresscms/htdocs/libraries/image-editor/image-edit.php?op=cancel&image_path=/pathUse CVE-2014-1836 for this deletion issue. CVE assignment for the XSS issues requires that there is a possible configuration in which the issues are exploitable. (If they are not exploitable, but the vendor made applicable code changes anyway for security hardening, a CVE assignment won't be made.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJS67y5AAoJEKllVAevmvmszHUH/21NY3Vv27aVdUxIxy9H7gV5 f/nTg+D/exE7PX1Z7WHnt+cQNDCPDcMUZJcNTa9ZWHHrBNHOGjbKHDczPmPhcxs/ WhDlgrWOgJJ/DXWg49MSXOWPHD3NlBzvrd/XthjncgQbj0xZ4wHlQ/8JNKklppHU v8OH1KoaVeX2SwDIIpe/kZWYatxRKWZ2m8I7JrPKmCkJVx1ksoqW3Q1p5s2PXmoP FW5FAiGMlu1kansIQxiJXIMswZbzULD76l2dp4cSYls9EYMrptrrbxlWD8zqwPHA jou3xOS8UoDDxUB7hil/lR4vXwpF5O/PIGqmAd3Ie4vPCSnUunNNnYprmnGwafU= =YGh+ -----END PGP SIGNATURE-----
Thank you. If anyone cares, the advisory is now at https://github.com/pedrib/PoC/blob/master/impresscms-1.3.5.txt. Regards, Pedro
Current thread:
- CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS Pedro Ribeiro (Jan 31)
- Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS cve-assign (Jan 31)
- Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS Pedro Ribeiro (Feb 02)
- Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS cve-assign (Jan 31)