CVE-2012-0987

high

Description

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.

References

https://www.htbridge.com/advisory/HTB23064

https://exchange.xforce.ibmcloud.com/vulnerabilities/72146

http://www.securityfocus.com/bid/51268

http://secunia.com/advisories/47448

http://community.impresscms.org/modules/smartsection/item.php?itemid=579

Details

Source: Mitre, NVD

Published: 2012-10-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.02741