返回 CVE 浏览器

CVE-2021-26601

HIGH

8.1

CVSS Severity Score

EPSS Score0.1920%

EPSS Percentile19.86th

Published2022年3月28日

Last Modified2024年11月21日

Vulnerability Description

ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.

Affected Platforms (CPE)

📦

Impresscms

Impresscms

< 1.4.3

References & Advisories

🔗 http://karmainsecurity.com/KIS-2022-02

🔗 http://packetstormsecurity.com/files/166402/ImpressCMS-1.4.2-Path-Traversal.html

🔗 http://seclists.org/fulldisclosure/2022/Mar/44

🔗 https://hackerone.com/reports/1081878

🔗 http://karmainsecurity.com/KIS-2022-02

🔗 http://packetstormsecurity.com/files/166402/ImpressCMS-1.4.2-Path-Traversal.html

🔗 http://seclists.org/fulldisclosure/2022/Mar/44

🔗 https://hackerone.com/reports/1081878

相关漏洞威胁

CVE-2008-345310.0

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a...

CVE-2021-266009.8

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==)...

CVE-2021-265999.8

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.

CVE-2021-479388.8

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticate...