CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26600

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile30.61th
PublishedMar 28, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).

Affected Platforms (CPE)

πŸ“¦
Impresscms

Impresscms

< 1.4.3

References & Advisories

πŸ”— http://karmainsecurity.com/KIS-2022-01
πŸ”— http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html
πŸ”— http://seclists.org/fulldisclosure/2022/Mar/43
πŸ”— https://hackerone.com/reports/1081986
πŸ”— http://karmainsecurity.com/KIS-2022-01
πŸ”— http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html
πŸ”— http://seclists.org/fulldisclosure/2022/Mar/43
πŸ”— https://hackerone.com/reports/1081986

Related Vulnerabilities

CVE-2008-345310.0

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a...

CVE-2021-265999.8

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.

CVE-2021-479388.8

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticate...

CVE-2021-266018.1

ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.