Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
impresscms impresscms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-26599
ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.
Impresscms Impresscms
9.8
CVSSv3
CVE-2021-26600
ImpressCMS prior to 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Impresscms Impresscms
9.8
CVSSv3
CVE-2022-24977
ImpressCMS prior to 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP install...
Impresscms Impresscms
8.1
CVSSv3
CVE-2021-26601
ImpressCMS prior to 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.
Impresscms Impresscms
7.2
CVSSv3
CVE-2022-26986
SQL Injection in ImpressCMS 1.4.3 and previous versions allows remote malicious users to inject into the code in unintended way, this allows an malicious user to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can...
Impresscms Impresscms
6.1
CVSSv3
CVE-2018-13983
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
Impresscms Impresscms 1.3.10
5.4
CVSSv3
CVE-2021-28088
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote malicious users to inject arbitrary web script or HTML parameters through the "Display Name" field.
Impresscms Impresscms 1.4.2
5.3
CVSSv3
CVE-2021-26598
ImpressCMS prior to 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Impresscms Impresscms
4.8
CVSSv3
CVE-2023-37785
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
Impresscms Impresscms
4.8
CVSSv3
CVE-2020-17551
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
Impresscms Impresscms 1.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »