ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
Max CVSS: 9.8 | EPSS Score: 1.28% | Published: 2022-02-14 | Updated: 2022-02-24

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Max CVSS: 9.8 | EPSS Score: 12.25% | Published: 2022-03-28 | Updated: 2022-03-30

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
Max CVSS: 9.8 | EPSS Score: 0.94% | Published: 2022-03-28 | Updated: 2022-03-30

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
Max CVSS: 10.0 | EPSS Score: 0.27% | Published: 2008-08-04 | Updated: 2017-08-08

4 vulnerabilities found