Impresscms : Security Vulnerabilities, CVEs, (Code Execution)

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
Max CVSS
9.8
EPSS Score
1.28%
Published
2022-02-14
Updated
2022-02-24

CVE-2020-17551

ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
Max CVSS
4.8
EPSS Score
0.09%
Published
2020-10-07
Updated
2020-10-14
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close