CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-26599

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile28.16th
Published2022年3月28日
Last Modified2024年11月21日

Vulnerability Description

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.

Affected Platforms (CPE)

📦
Impresscms

Impresscms

< 1.4.4

References & Advisories

🔗 http://karmainsecurity.com/KIS-2022-04
🔗 http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html
🔗 http://seclists.org/fulldisclosure/2022/Mar/46
🔗 https://hackerone.com/reports/1081145
🔗 http://karmainsecurity.com/KIS-2022-04
🔗 http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html
🔗 http://seclists.org/fulldisclosure/2022/Mar/46
🔗 https://hackerone.com/reports/1081145

関連する脆弱性情報

CVE-2008-345310.0

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a...

CVE-2021-266009.8

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==)...

CVE-2021-479388.8

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticate...

CVE-2021-266018.1

ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.