Vulnerability Database

322,935

Total vulnerabilities in the database

CVE-2014-1836

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

Published: Jul 1, 2015
Updated: Nov 9, 2025
CVE: CVE-2014-1836
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
impresscms / impresscms	-	1.3.5.x

http://community.impresscms.org/modules/smartsection/item.php?itemid=675
http://osvdb.org/show/osvdb/102770
http://seclists.org/fulldisclosure/2014/Feb/14
http://www.securityfocus.com/bid/65279
https://github.com/pedrib/PoC/blob/master/generic/impresscms-1.3.5.txt

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo