Lucene search
GoogleOSV:GHSA-M8XH-CQC2-5Q6FHistoryMar 29, 2022 - 12:01 a.m.
Type Confusion in ImpressCMS
2022-03-2900:01:16
Google
osv.dev
10
impresscms
type confusion
authentication bypass
EPSS
0.154
Percentile
95.9%
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
References
karmainsecurity.com/KIS-2022-01
packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html
seclists.org/fulldisclosure/2022/Mar/43
github.com/ImpressCMS/impresscms
github.com/ImpressCMS/impresscms/releases/tag/v1.4.3
hackerone.com/reports/1081986
nvd.nist.gov/vuln/detail/CVE-2021-26600
Related
cvelist
cvelist
CVE-2021-26600
2022-03-28 00:48:40
prion
prion
Type confusion
2022-03-28 01:15:00
packetstorm
packetstorm
ImpressCMS 1.4.2 Authentication Bypass
2022-03-22 00:00:00
osv
osv
CVE-2021-26600
2022-03-28 01:15:06
zdt
zdt
ImpressCMS 1.4.2 Authentication Bypass Vulnerability
2022-03-23 00:00:00
nvd
nvd
CVE-2021-26600
2022-03-28 01:15:06
hackerone
hackerone
ImpressCMS: Potential Authentication Bypass through "autologin" feature
2021-01-19 23:53:03
github
github
Type Confusion in ImpressCMS
2022-03-29 00:01:16
cve
cve
CVE-2021-26600
2022-03-28 01:15:06