Miggo Logo

CVE-2014-1836: ImpressCMS Path Traversal to Arbitrary File Delete

6.4

CVSS Score

Basic Information

EPSS Score
0.94863%
Published
5/17/2022
Updated
8/16/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
AV:N/AC:L/Au:N/C:N/I:P/A:P
Package NameEcosystemVulnerable VersionsFirst Patched Version
impresscms/impresscmscomposer< 1.3.61.3.6

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability occurs in htdocs/libraries/image-editor/image-edit.php where the 'image_path'/'image_temp' parameter is used unsafely in unlink() calls. However, the vulnerable code resides in the main script execution flow rather than within a named function or class method. PHP's global scope execution (represented as '{main}' in stack traces) doesn't provide a specific function signature. The file path and parameter handling are key indicators, but no discrete function names are identifiable from the provided patch descriptions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**solut* p*t* tr*v*rs*l vuln*r**ility in `*t*o*s/li*r*ri*s/im***-**itor/im***-**it.p*p` in Impr*ss*MS ***or* *.*.* *llows r*mot* *tt**k*rs to **l*t* *r*itr*ry *il*s vi* * *ull p*t*n*m* in t** `im***_p*t*` p*r*m*t*r in * **n**l **tion.

Reasoning

T** vuln*r**ility o**urs in *t*o*s/li*r*ri*s/im***-**itor/im***-**it.p*p w**r* t** 'im***_p*t*'/'im***_t*mp' p*r*m*t*r is us** uns***ly in unlink() **lls. *ow*v*r, t** vuln*r**l* *o** r*si**s in t** m*in s*ript *x**ution *low r*t**r t**n wit*in * n*m