Description
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions (.php2, .php6, .php7, .phps, .pht) to execute arbitrary PHP code on the server.
References
- Product
- Exploit, Third Party Advisory, VDB Entry
- Product
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:impresscms:impresscms:1.4.4:*:*:*:*:*:*:*
EPSS
Percentile: 33%
0.00128
Low
9.8 Critical
CVSS3
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
26 days ago
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions (.php2, .php6, .php7, .phps, .pht) to execute arbitrary PHP code on the server.