9.8
CVE-2022-50912
- EPSS 0.98%
- Veröffentlicht 13.01.2026 22:51:51
- Zuletzt bearbeitet 03.02.2026 19:26:43
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
ImpressCMS 1.4.4 - Unrestricted File Upload
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Impresscms ≫ Impresscms Version1.4.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.98% | 0.577 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://www.impresscms.org/
https://www.exploit-db.com/exploits/50890
https://github.com/ImpressCMS/impresscms
https://www.vulncheck.com/advisories/impresscms-unrestricted-file-upload