CVE-2021-26598

Опубликовано: 28 мар. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Высокий

Описание

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).

Ссылки

http://karmainsecurity.com/KIS-2022-03
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/45
Exploit
Mailing List
Third Party Advisory
https://hackerone.com/reports/1081137
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/166403/ImpressCMS-1.4.2-Incorrect-Access-Control.html
Exploit
Third Party Advisory
VDB Entry
http://karmainsecurity.com/KIS-2022-03
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/45
Exploit
Mailing List
Third Party Advisory
https://hackerone.com/reports/1081137
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/166403/ImpressCMS-1.4.2-Incorrect-Access-Control.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:impresscms:impresscms:*:*:*:*:*:*:*:*

Версия до 1.4.3 (исключая)

EPSS

Процентиль: 99%

0.76068

Высокий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-48p3-xfvw-g59c