Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Jan 2014 13:25:41 +0000
From: Pedro Ribeiro <pedrib@...il.com>
To: oss-security@...ts.openwall.com
Cc: Steve Kenow <skenow@...resscms.org>, ImpressCMS Security <security@...resscms.org>
Subject: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS

Hi,

I have discovered two vulnerabilities in ImpressCMS. These have been fixed
in the new 1.3.6 version, which you can get at
https://sourceforge.net/projects/impresscms/files/ImpressCMS%20Official%20Releases/ImpressCMS%201.3%20Branch/ImpressCMS%201.3.6/
.

One is an arbitrary file deletion and the other is two cross site scripting
issues.
Note that I was unable to exploit the XSS issues due to the inbuilt
protection module, so I'm not sure if it qualifies for a CVE.

The tickets containing the information are available here
https://www.assembla.com/spaces/dW4voyNP0r4ldbeJe5cbLr/tickets?report%5Bestimate_show%5D=true&report%5Bid%5D=0&report%5Bmilestone_id_cond%5D=1&report%5Bmilestone_id_val%5D=4129593&report%5Btitle%5D=All+Tickets+for+%27ImpressCMS+1.3.6%27&report%5Btotal_estimate_show%5D=true&report%5Btotal_invested_hours_show%5D=true&report%5Bworking_hours_show%5D=true.


Unfortunately I can't paste the full report in this email as the Android
Gmail client will mangle it. Please see the text file at
https://github.com/pedrib/PoC/blob/master/ImpressCMS/impresscms-1.3.5.txtfor
more details.

Thanks in advance,  and thanks to the ImpressCMS team for being so
responsive.

Regards,
Pedro Ribeiro
Agile Information Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ