CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-47938

HIGH
8.8
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile25.98th
Published2026年5月10日
Last Modified2026年5月12日

Vulnerability Description

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to /modules/system/admin.php?fct=autotasks&op=mod with crafted sat_code containing PHP commands, which creates an executable file that accepts arbitrary commands via GET parameters.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://www.exploit-db.com/exploits/50298
🔗 https://www.impresscms.org/
🔗 https://www.impresscms.org/modules/downloads/
🔗 https://www.vulncheck.com/advisories/impresscms-remote-code-execution-via-autotasks

相关漏洞威胁

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...