exploitDog

CVE-2021-26599

Опубликовано: 28 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.

Ссылки

http://karmainsecurity.com/KIS-2022-04
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Mar/46
Exploit
Mailing List
Third Party Advisory
https://hackerone.com/reports/1081145
Permissions Required
Third Party Advisory
http://karmainsecurity.com/KIS-2022-04
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Mar/46
Exploit
Mailing List
Third Party Advisory
https://hackerone.com/reports/1081145
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:impresscms:impresscms:*:*:*:*:*:*:*:*

Версия до 1.4.4 (исключая)

EPSS

Процентиль: 88%

0.04018

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-jc4v-vvg6-xg78

CVSS3: 9.8

github

почти 4 года назад

SQL Injection in ImpressCMS

EPSS

Процентиль: 88%

0.04018

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89