CVE-2014-1836
published 2015-07-01

Priority: P342
Severity: medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 3.71% (88.4th percentile)

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
impresscms | impresscms | <= 1.3.5 |
impresscms | impresscms | >= 0 < 1.3.6 | 1.3.6