ImpressCMS: Security Vulnerabilities, CVEs, CVSS score >= 9
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
Max CVSS: 9.8 | EPSS Score: 1.28% | Published: 2022-02-14 | Updated: 2022-02-24
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Max CVSS: 9.8 | EPSS Score: 12.25% | Published: 2022-03-28 | Updated: 2022-03-30
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
Max CVSS: 9.8 | EPSS Score: 0.94% | Published: 2022-03-28 | Updated: 2022-03-30
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
Max CVSS: 10.0 | EPSS Score: 0.27% | Published: 2008-08-04 | Updated: 2017-08-08
4 vulnerabilities found