CVE-2011-4932 - Vulnerability Details - OpenCVE

Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.03472.

Key SSVC decision points have not yet been added.

Vendors	Products
Impresspages	Impresspages Cms

Configuration 1 [-]

cpe:2.3:a:impresspages:impresspages_cms:1.0.12:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2011-4842	Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter.
Github GHSA	GHSA-fr34-mx6j-vpxh	ImpressPages CMS eval injection vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html
http://seclists.org/bugtraq/2011/Sep/156
http://secunia.com/advisories/46193
http://www.impresspages.org/news/impresspages-1-0-13-security-release/
http://www.openwall.com/lists/oss-security/2012/01/15/9
http://www.openwall.com/lists/oss-security/2012/01/18/12
http://www.osvdb.org/75783
http://www.securityfocus.com/bid/49798

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-06T21:00:00Z

Updated: 2024-09-16T16:28:26.184Z

Reserved: 2011-12-23T00:00:00Z

Link: CVE-2011-4932

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-06T21:55:02.643

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4932

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-06T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "46193", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46193"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"name": "75783", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/75783"}, {"name": "[oss-security] 20120118 Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"name": "49798", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49798"}, {"name": "20120105 NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"name": "[oss-security] 20120115 CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"name": "20110927 NGS00109 Patch Notification: ImpressPages CMS Remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2011/Sep/156"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4932", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "46193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46193"}, {"name": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/", "refsource": "CONFIRM", "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"name": "75783", "refsource": "OSVDB", "url": "http://www.osvdb.org/75783"}, {"name": "[oss-security] 20120118 Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"name": "49798", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49798"}, {"name": "20120105 NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"name": "[oss-security] 20120115 CVE-request: NGS00109 remote code execution in ImpressPages CMS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"name": "20110927 NGS00109 Patch Notification: ImpressPages CMS Remote code execution", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2011/Sep/156"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:39.035Z"}, "title": "CVE Program Container", "references": [{"name": "46193", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46193"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"name": "75783", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/75783"}, {"name": "[oss-security] 20120118 Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"name": "49798", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49798"}, {"name": "20120105 NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"name": "[oss-security] 20120115 CVE-request: NGS00109 remote code execution in ImpressPages CMS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"name": "20110927 NGS00109 Patch Notification: ImpressPages CMS Remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2011/Sep/156"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4932", "datePublished": "2012-10-06T21:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T16:28:26.184Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:impresspages:impresspages_cms:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91829167-0EE6-41E5-A1C4-3C666105D904", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter."}, {"lang": "es", "value": "Inyecci\u00f3n eval en ip_cms/modules/standard/content_management/actions.php en ImpressPages CMS v1.0.12 y posiblemente otras versiones a v1.0.13 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el par\u00e1metro cm_group"}], "id": "CVE-2011-4932", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-06T21:55:02.643", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/bugtraq/2011/Sep/156"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46193"}, {"source": "secalert@redhat.com", "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/75783"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2011/Sep/156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.impresspages.org/news/impresspages-1-0-13-security-release/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/15/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/18/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/75783"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49798"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}