Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2021-26599

Published: 28/03/2022 Updated: 30/03/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Impresscms

Vulnerability Summary

ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

impresscms impresscms

Exploits

Exploit DB: ImpressCMS 1.4.2 SQL Injection / Remote Code Execution
ImpressCMS versions 142 and below pre-authentication SQL injection to remote code execution exploit User input passed through the "groups" POST parameter to the /include/findusersphp script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods ...
Exploit DB: ImpressCMS 1.4.2 SQL Injection
ImpressCMS versions 143 and below suffer from a remote SQL injection vulnerability ...

References

CWE-89https://hackerone.com/reports/1081145http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.htmlhttp://karmainsecurity.com/KIS-2022-04http://seclists.org/fulldisclosure/2022/Mar/46https://nvd.nist.govhttps://packetstormsecurity.com/files/166419/ImpressCMS-1.4.2-SQL-Injection-Remote-Code-Execution.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525CVE-2024-4652CVE-2024-1438CVE-2024-4671CVE-2024-34351arbitrary CVE-2024-4650SQL injectionoverflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook