CVE-2022-26986

Опубликовано: 05 апр. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 8.5

EPSS Низкий

Описание

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.

Ссылки

http://packetstormsecurity.com/files/171485/ImpressCMS-1.4.3-SQL-Injection.html
https://github.com/sartlabs/0days/blob/main/ImpressCMS1.4.3/Exploit.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/171485/ImpressCMS-1.4.3-SQL-Injection.html
https://github.com/sartlabs/0days/blob/main/ImpressCMS1.4.3/Exploit.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:impresscms:impresscms:*:*:*:*:*:*:*:*

Версия до 1.4.3 (включая)

EPSS

Процентиль: 80%

0.01419

Низкий

7.2 High

CVSS3

8.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-f99r-jjgr-f373