CVE-2011-4932 - Vulnerability Details - OpenCVE

Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Impresspages	Impresspages Cms

Configuration 1 [-]

cpe:2.3:a:impresspages:impresspages_cms:1.0.12:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html
http://seclists.org/bugtraq/2011/Sep/156
http://secunia.com/advisories/46193
http://www.impresspages.org/news/impresspages-1-0-13-security-release/
http://www.openwall.com/lists/oss-security/2012/01/15/9
http://www.openwall.com/lists/oss-security/2012/01/18/12
http://www.osvdb.org/75783
http://www.securityfocus.com/bid/49798

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-06T21:00:00Z

Updated: 2024-09-16T16:28:26.184Z

Reserved: 2011-12-23T00:00:00Z

Link: CVE-2011-4932

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-06T21:55:02.643

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4932

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-06T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "46193", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46193"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"name": "75783", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/75783"}, {"name": "[oss-security] 20120118 Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"name": "49798", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49798"}, {"name": "20120105 NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"name": "[oss-security] 20120115 CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"name": "20110927 NGS00109 Patch Notification: ImpressPages CMS Remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2011/Sep/156"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4932", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "46193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46193"}, {"name": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/", "refsource": "CONFIRM", "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"name": "75783", "refsource": "OSVDB", "url": "http://www.osvdb.org/75783"}, {"name": "[oss-security] 20120118 Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"name": "49798", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49798"}, {"name": "20120105 NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"name": "[oss-security] 20120115 CVE-request: NGS00109 remote code execution in ImpressPages CMS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"name": "20110927 NGS00109 Patch Notification: ImpressPages CMS Remote code execution", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2011/Sep/156"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:39.035Z"}, "title": "CVE Program Container", "references": [{"name": "46193", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46193"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"name": "75783", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/75783"}, {"name": "[oss-security] 20120118 Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"name": "49798", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49798"}, {"name": "20120105 NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"name": "[oss-security] 20120115 CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"name": "20110927 NGS00109 Patch Notification: ImpressPages CMS Remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2011/Sep/156"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4932", "datePublished": "2012-10-06T21:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T16:28:26.184Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:impresspages:impresspages_cms:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91829167-0EE6-41E5-A1C4-3C666105D904", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter."}, {"lang": "es", "value": "Inyecci\u00f3n eval en ip_cms/modules/standard/content_management/actions.php en ImpressPages CMS v1.0.12 y posiblemente otras versiones a v1.0.13 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el par\u00e1metro cm_group"}], "id": "CVE-2011-4932", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-06T21:55:02.643", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/bugtraq/2011/Sep/156"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46193"}, {"source": "secalert@redhat.com", "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/75783"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2011/Sep/156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/75783"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49798"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}