CVE-2022-24977
PHP vulnerability analysis and mitigation

Overview

ImpressCMS versions before 1.4.2 contained a critical vulnerability (CVE-2022-24977) that allowed unauthenticated remote code execution through directory traversal in the origName or imageName parameters. The vulnerability was discovered in October 2020 and affected the CKEditor image processor component (R0 Haxors).

Technical details

The vulnerability existed in the processImage.php file within the CKEditor component. The issue stemmed from insufficient filtering of user-supplied image paths: the str_replace function was used non-recursively to filter '../' and './' sequences, so the filtered result was never checked again. This allowed attackers to bypass the protection using patterns like '.....///', which resolve to '../' after filtering. The vulnerability could be triggered through the 'undo' and 'save' actions in the image editor functionality (R0 Haxors).
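
The filtering weakness described above, shown next to a containment check that does not depend on stripping substrings. This is an added example, not ImpressCMS code: the function names, the directory layout and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not ImpressCMS code. Names and directory layout are hypothetical.

// Single-pass filter as described in the text: str_replace() removes each
// needle once, left to right, and never rescans its own output.
function naive_filter(string $name): string
{
    return str_replace(['../', './'], '', $name);
}

// Hardened alternative: canonicalise the full path, then require that it
// still sits under the base directory. Returns the real path or null.
function resolve_inside(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($name, "\0") !== false) {
        return null;
    }
    $real = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null; // missing file, or resolved outside the base directory
    }
    return $real;
}

// Constructed layout: <tmp>/cve_demo_<pid>/images/photo.png and .../outside.txt
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cve_demo_' . getmypid();
$base = $root . DIRECTORY_SEPARATOR . 'images';
mkdir($base, 0700, true);
file_put_contents($base . DIRECTORY_SEPARATOR . 'photo.png', 'img');
file_put_contents($root . DIRECTORY_SEPARATOR . 'outside.txt', 'not an image');

// Constructed inputs; the second uses the pattern quoted in the text.
foreach (['photo.png', '.....///outside.txt'] as $input) {
    $filtered = naive_filter($input);
    // True when the filtered name reaches a real file outside the base directory.
    $escapes = is_file($base . DIRECTORY_SEPARATOR . $filtered)
        && resolve_inside($base, $filtered) === null;
    printf("input=%-22s filtered=%-16s filter_output_escapes=%s accepted=%s\n",
        $input, $filtered,
        $escapes ? 'yes' : 'no',
        resolve_inside($base, $input) === null ? 'no' : 'yes');
}
```

The containment check rejects the input whether or not the substring filter runs first, because the decision is made on the canonical path rather than on the text of the name.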

Impact

The vulnerability allowed unauthenticated attackers to perform arbitrary file copy operations and achieve remote code execution on affected systems. This gave attackers complete control over vulnerable ImpressCMS installations without requiring any authentication (R0 Haxors).

Mitigation and workarounds

The vulnerability was patched in ImpressCMS version 1.4.2 pre-release (December 2020) and version 2.0.0 alpha 11 (October 2021). Users should upgrade to these or newer versions to protect against this vulnerability (R0 Haxors, GitHub ImpressCMS).

This report was generated using AI.
