Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-07-01T14:00:00
Updated: 2015-07-01T13:57:01
Reserved: 2014-01-30T00:00:00
Link: CVE-2014-1836
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-07-01T14:59:01.533
Modified: 2015-07-02T17:26:16.850
Link: CVE-2014-1836
JSON object: View
Redhat Information
No data.
CWE