Unrated severityNVD Advisory· Published Oct 6, 2012· Updated Apr 29, 2026
CVE-2012-0987
CVE-2012-0987
Description
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
Affected products
17cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:impresscms:impresscms:1.2:alpha1:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2:alpha2:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2:beta:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2:final:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.1:beta:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.1:final:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.3:beta:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.3:final:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.4:final:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.5:final:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.2.6:final:*:*:*:*:*:*
- cpe:2.3:a:impresscms:impresscms:1.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- community.impresscms.org/modules/smartsection/item.phpnvdPatchVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2012-01/0022.htmlnvdExploit
- www.osvdb.org/78143nvdExploit
- secunia.com/advisories/47448nvdVendor Advisory
- www.securityfocus.com/bid/51268nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/72146nvd
- www.htbridge.com/advisory/HTB23064nvd
News mentions
0No linked articles in our index yet.