cvelistv5 - cve-2012-0987

cve-2012-0987

Vulnerability from cvelistv5

Published

2012-10-06 21:00

Modified

2024-08-06 18:45

Severity ?

Summary

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html	Exploit
cve@mitre.org	http://community.impresscms.org/modules/smartsection/item.php?itemid=579	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/47448	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/78143	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/51268
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/72146
cve@mitre.org	https://www.htbridge.com/advisory/HTB23064
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://community.impresscms.org/modules/smartsection/item.php?itemid=579	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47448	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/78143	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51268
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72146
af854a3a-2127-422b-91ae-364da2661108	https://www.htbridge.com/advisory/HTB23064

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:45:25.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "impresscms-edituser-file-include(72146)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
          },
          {
            "name": "51268",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51268"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23064"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
          },
          {
            "name": "78143",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/78143"
          },
          {
            "name": "47448",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47448"
          },
          {
            "name": "20120104 Multiple vulnerabilities in ImpressCMS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-30T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "impresscms-edituser-file-include(72146)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
        },
        {
          "name": "51268",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51268"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23064"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
        },
        {
          "name": "78143",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/78143"
        },
        {
          "name": "47448",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47448"
        },
        {
          "name": "20120104 Multiple vulnerabilities in ImpressCMS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "impresscms-edituser-file-include(72146)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
            },
            {
              "name": "51268",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51268"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23064",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23064"
            },
            {
              "name": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579",
              "refsource": "CONFIRM",
              "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
            },
            {
              "name": "78143",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/78143"
            },
            {
              "name": "47448",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47448"
            },
            {
              "name": "20120104 Multiple vulnerabilities in ImpressCMS",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0987",
    "datePublished": "2012-10-06T21:00:00",
    "dateReserved": "2012-02-02T00:00:00",
    "dateUpdated": "2024-08-06T18:45:25.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0987\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-10-06T21:55:03.707\",\"lastModified\":\"2024-11-21T01:36:05.580\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en edituser.php en ImpressCMS v1.2.x anterior a v1.2.7 Final y v1.3.x anterior a v1.3.1 Final permite a usuarios remotos autenticados incluir y ejecutar ficheros locales arbitrarios mediante un .. (punto punto) en el par\u00e1metro icmsConfigPlugins[sanitizer_plugins][]\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1562813-DF7E-44B4-B1A8-BA1D29EA36A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E03BAC32-4EED-461D-9A3F-8950DDF9137B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"10325A08-8E84-453E-AB40-FF77BEDDCE8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2:final:*:*:*:*:*:*\",\"matchCriteriaId\":\"866FCF80-E8F4-4A13-B4CB-85FABB7EFCBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D5B1D85-C58A-44C0-9F63-AA80F21F41A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BBB64A-A7AF-42A5-9987-ADE774EB4450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC070D86-BA9D-4C59-8A9F-EAF6BC8AB69E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.1:final:*:*:*:*:*:*\",\"matchCriteriaId\":\"F316CCA3-CCE8-4035-B960-A15287BE23BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"977FACD8-32A3-4763-ABEC-A8500DA0EA87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"34A85AA9-8989-4D67-B64A-87D2A3589A10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.3:final:*:*:*:*:*:*\",\"matchCriteriaId\":\"F00634F3-707C-4C5E-AC49-87B472D83C19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"680AD01C-40AF-4ABA-9214-059A72874FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1C7FF42-9CD7-4692-9FA0-17B59D82D952\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.4:final:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC5894E-9EFE-4858-9EC7-18E89B01A117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.5:final:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA31879B-D41E-4E14-91CD-4511E4A8E34F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.2.6:final:*:*:*:*:*:*\",\"matchCriteriaId\":\"C80928E3-8A4A-4155-9F97-DF96BBA10F19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:impresscms:impresscms:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03CF5F6A-6B9D-4E10-B635-F02621110472\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://community.impresscms.org/modules/smartsection/item.php?itemid=579\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/47448\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/78143\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/51268\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/72146\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.htbridge.com/advisory/HTB23064\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://community.impresscms.org/modules/smartsection/item.php?itemid=579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/47448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/78143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/51268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/72146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.htbridge.com/advisory/HTB23064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2012-0987

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-0987

Aliases

CVE-2012-0987

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0987",
    "description": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.",
    "id": "GSD-2012-0987"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0987"
      ],
      "details": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.",
      "id": "GSD-2012-0987",
      "modified": "2023-12-13T01:20:14.209911Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-0987",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "impresscms-edituser-file-include(72146)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
          },
          {
            "name": "51268",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/51268"
          },
          {
            "name": "https://www.htbridge.com/advisory/HTB23064",
            "refsource": "MISC",
            "url": "https://www.htbridge.com/advisory/HTB23064"
          },
          {
            "name": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579",
            "refsource": "CONFIRM",
            "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
          },
          {
            "name": "78143",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/78143"
          },
          {
            "name": "47448",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/47448"
          },
          {
            "name": "20120104 Multiple vulnerabilities in ImpressCMS",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.3:final:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.1:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.3:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.4:final:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.3:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2:final:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.5:final:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.6:final:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.1:final:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:impresscms:impresscms:1.2.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0987"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20120104 Multiple vulnerabilities in ImpressCMS",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
            },
            {
              "name": "47448",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/47448"
            },
            {
              "name": "51268",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/51268"
            },
            {
              "name": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
            },
            {
              "name": "78143",
              "refsource": "OSVDB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.osvdb.org/78143"
            },
            {
              "name": "impresscms-edituser-file-include(72146)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23064",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.htbridge.com/advisory/HTB23064"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-12-01T02:29Z",
      "publishedDate": "2012-10-06T21:55Z"
    }
  }
}

ghsa-9gfm-wp7r-h4wp

Vulnerability from github

Published

2022-05-17 00:19

Modified

2022-05-17 00:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-10-06T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.",
  "id": "GHSA-9gfm-wp7r-h4wp",
  "modified": "2022-05-17T00:19:31Z",
  "published": "2022-05-17T00:19:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0987"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
    },
    {
      "type": "WEB",
      "url": "https://www.htbridge.com/advisory/HTB23064"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
    },
    {
      "type": "WEB",
      "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47448"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/78143"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2012-0987

Vulnerability from fkie_nvd

Published

2012-10-06 21:55

Modified

2024-11-21 01:36

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html	Exploit
cve@mitre.org	http://community.impresscms.org/modules/smartsection/item.php?itemid=579	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/47448	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/78143	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/51268
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/72146
cve@mitre.org	https://www.htbridge.com/advisory/HTB23064
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://community.impresscms.org/modules/smartsection/item.php?itemid=579	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47448	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/78143	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51268
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72146
af854a3a-2127-422b-91ae-364da2661108	https://www.htbridge.com/advisory/HTB23064

Impacted products

Vendor	Product	Version
impresscms	impresscms	1.2
impresscms	impresscms	1.2
impresscms	impresscms	1.2
impresscms	impresscms	1.2
impresscms	impresscms	1.2
impresscms	impresscms	1.2
impresscms	impresscms	1.2.1
impresscms	impresscms	1.2.1
impresscms	impresscms	1.2.1
impresscms	impresscms	1.2.3
impresscms	impresscms	1.2.3
impresscms	impresscms	1.2.3
impresscms	impresscms	1.2.3
impresscms	impresscms	1.2.4
impresscms	impresscms	1.2.5
impresscms	impresscms	1.2.6
impresscms	impresscms	1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "D1562813-DF7E-44B4-B1A8-BA1D29EA36A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "E03BAC32-4EED-461D-9A3F-8950DDF9137B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "10325A08-8E84-453E-AB40-FF77BEDDCE8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2:final:*:*:*:*:*:*",
              "matchCriteriaId": "866FCF80-E8F4-4A13-B4CB-85FABB7EFCBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2D5B1D85-C58A-44C0-9F63-AA80F21F41A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A6BBB64A-A7AF-42A5-9987-ADE774EB4450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FC070D86-BA9D-4C59-8A9F-EAF6BC8AB69E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.1:final:*:*:*:*:*:*",
              "matchCriteriaId": "F316CCA3-CCE8-4035-B960-A15287BE23BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "977FACD8-32A3-4763-ABEC-A8500DA0EA87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "34A85AA9-8989-4D67-B64A-87D2A3589A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:final:*:*:*:*:*:*",
              "matchCriteriaId": "F00634F3-707C-4C5E-AC49-87B472D83C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "680AD01C-40AF-4ABA-9214-059A72874FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E1C7FF42-9CD7-4692-9FA0-17B59D82D952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.4:final:*:*:*:*:*:*",
              "matchCriteriaId": "4DC5894E-9EFE-4858-9EC7-18E89B01A117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.5:final:*:*:*:*:*:*",
              "matchCriteriaId": "DA31879B-D41E-4E14-91CD-4511E4A8E34F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.2.6:final:*:*:*:*:*:*",
              "matchCriteriaId": "C80928E3-8A4A-4155-9F97-DF96BBA10F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:impresscms:impresscms:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "03CF5F6A-6B9D-4E10-B635-F02621110472",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en edituser.php en ImpressCMS v1.2.x anterior a v1.2.7 Final y v1.3.x anterior a v1.3.1 Final permite a usuarios remotos autenticados incluir y ejecutar ficheros locales arbitrarios mediante un .. (punto punto) en el par\u00e1metro icmsConfigPlugins[sanitizer_plugins][]"
    }
  ],
  "id": "CVE-2012-0987",
  "lastModified": "2024-11-21T01:36:05.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-06T21:55:03.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47448"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/78143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/51268"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.htbridge.com/advisory/HTB23064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.impresscms.org/modules/smartsection/item.php?itemid=579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/78143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.htbridge.com/advisory/HTB23064"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2012-0987

Vulnerability from cvelistv5

gsd-2012-0987

Vulnerability from gsd

ghsa-9gfm-wp7r-h4wp

Vulnerability from github

fkie_cve-2012-0987

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature