CVE-2022-24977

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24977

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24977.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24977

Aliases

GHSA-389p-fchr-q2mg

Published

2022-02-14T12:15:27Z

Modified

2024-05-15T01:15:59.838210Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports uploadprogress.

References

Affected packages

Git / github.com/impresscms/impresscms

Affected ranges

Type: GIT
Repo: https://github.com/impresscms/impresscms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a66d7bb499faafab803e24833606028fa0ba4261

Affected versions

1.*

1.3.10-beta

1.3.8

1.3.8-beta

1.3.9

1.3.9_rc

1.4.1

impresscms_1.*

impresscms_1.3.3

impresscms_1.3.4

v1.*

v1.3.10

v1.3.11

v1.3.11-beta

v1.3.11-beta2

v1.3.11-rc

v1.3.11-rc2

v1.3.8

v1.4.0

v1.4.0-alpha

v1.4.0-alpha.2

v1.4.0-beta

v1.4.0-rc

v1.4.1_beta