CVE-2014-1836
ImpressCMS Path Traversal to Arbitrary File Delete
EPSS 3.7%
Description
Absolute path traversal vulnerability in `htdocs/libraries/image-editor/image-edit.php` in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the `image_path` parameter in a cancel action.
How to fix CVE-2014-1836
To remediate CVE-2014-1836, upgrade the affected package to a fixed version below.
- Packagist/impresscms/impresscms—upgrade to 1.3.6 or later
Is CVE-2014-1836 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.6