Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4932

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4932
Last Modified 08 Oct 2012 12:00:00
Published 06 Oct 2012 05:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4932

Summary

Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter.

Vulnerable Systems

Application

  • Impresspages Cms 1.0.12


References

BID - 49798

OSVDB - 75783

MLIST - [oss-security] 20120118 Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS

MLIST - [oss-security] 20120115 CVE-request: NGS00109 remote code execution in ImpressPages CMS

CONFIRM - http://www.impresspages.org/news/impresspages-1-0-13-security-release/

SECUNIA - 46193

BUGTRAQ - 20110927 NGS00109 Patch Notification: ImpressPages CMS Remote code execution

BUGTRAQ - 20120105 NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS


Last Updated: 27 May 2016 11:00:53