EUVD-2022-1455

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

ImpressCMS before 1.4.3 vulnerable to SQL Injection via include/findusers.php groups feature

Reporter	Title	Published	Views	Family All 17
0day.today	ImpressCMS 1.4.2 SQL Injection Vulnerability	23 Mar 202200:00	–	zdt
0day.today	ImpressCMS 1.4.2 - Remote Code Execution Exploit	30 Mar 202200:00	–	zdt
Circl	CVE-2021-26599	28 Mar 202207:39	–	circl
CNNVD	ImpressCMS SQL注入漏洞	22 Mar 202200:00	–	cnnvd
CNVD	ImpressCMS SQL Injection Vulnerability (CNVD-2022-30802)	24 Mar 202200:00	–	cnvd
CVE	CVE-2021-26599	28 Mar 202200:41	–	cve
Cvelist	CVE-2021-26599	28 Mar 202200:41	–	cvelist
Exploit DB	ImpressCMS 1.4.2 - Remote Code Execution (RCE)	30 Mar 202200:00	–	exploitdb
Github Security Blog	SQL Injection in ImpressCMS	29 Mar 202200:01	–	github
Nuclei	ImpressCMS < 1.4.3 - SQL Injection	6 Jun 202603:01	–	nuclei

[
  {
    "enisaIdVendor": [
      {
        "id": "d637f2f7-8023-3108-a5d9-5d08833ad164",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "539aac3a-7b4f-359e-9617-c46236d7e2e7",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-26599
hackerone	www.hackerone.com/reports/1081145
github	www.github.com/ImpressCMS/impresscms
github	www.github.com/ImpressCMS/impresscms/releases/tag/v1.4.3
karmainsecurity	www.karmainsecurity.com/KIS-2022-04
packetstormsecurity	www.packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html
seclists	www.seclists.org/fulldisclosure/2022/Mar/46
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2021-26599

03 Oct 2025 20:07Current

9.2High risk

Vulners AI Score9.2

CVSS 3.19.8

CVSS 27.5

EPSS0.03926

impresscms sql injection vulnerability