Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormEgiX, karmainsecurity.comPACKETSTORM:166403
HistoryMar 22, 2022 - 12:00 a.m.

ImpressCMS 1.4.2 Incorrect Access Control

2022-03-2200:00:00
EgiX, karmainsecurity.com
packetstormsecurity.com
202

0.04 Low

EPSS

Percentile

92.0%

JSON
`--------------------------------------------------------------------------  
ImpressCMS <= 1.4.2 (findusers.php) Incorrect Access Control Vulnerability  
--------------------------------------------------------------------------  
  
  
[-] Software Link:  
  
https://www.impresscms.org  
  
  
[-] Affected Versions:  
  
Version 1.4.2 and prior versions.  
  
  
[-] Vulnerability Description:  
  
The vulnerability is located in the /include/findusers.php script:  
  
16. include "../mainfile.php";  
17. xoops_header(false);  
18.  
19. $denied = true;  
20. if (!empty($_REQUEST['token'])) {  
21. if (icms::$security->validateToken($_REQUEST['token'], false)) {  
22. $denied = false;  
23. }  
24. } elseif (is_object(icms::$user) && icms::$user->isAdmin()) {  
25. $denied = false;  
26. }  
27. if ($denied) {  
28. icms_core_Message::error(_NOPERM);  
29. exit();  
30. } }  
  
This script should be accessible to authenticated users only. However,   
because of the "if" statement at lines 20-23, this script could be   
accessed by unauthenticated attackers if they will provide a valid   
security token. Such a token will be generated in several places within   
the application, and some of them do not require the user to be   
authenticated, like in the misc.php script. This might be exploited to   
access an otherwise restricted functionality of the application, which   
in turn might allow an information disclosure about the CMS users.  
  
  
[-] Solution:  
  
Upgrade to version 1.4.3 or later.  
  
  
[-] Disclosure Timeline:  
  
[19/01/2021] - Vendor notified through HackerOne  
[03/02/2021] - CVE number assigned  
[06/02/2022] - Version 1.4.3 released  
[22/03/2022] - Public disclosure  
  
  
[-] CVE Reference:  
  
The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2021-26598 to this vulnerability.  
  
  
[-] Credits:  
  
Vulnerability discovered by Egidio Romano.  
  
  
[-] Other References:  
  
https://hackerone.com/reports/1081137  
  
  
[-] Original Advisory:  
  
http://karmainsecurity.com/KIS-2022-03  
  
  
`

Related

osv 2
cvelist 1
zdt 2
nuclei 1
cve 1
github 1
prion 1
nvd 1
packetstorm 1
exploitdb 1
osv
osv
CVE-2021-26598
2022-03-28 01:15:06
Incorrect Access Control in ImpressCMS
2022-03-29 00:01:16
cvelist
cvelist
CVE-2021-26598
2022-03-28 00:31:42
zdt
zdt
ImpressCMS 1.4.2 Incorrect Access Control Vulnerability
2022-03-23 00:00:00
ImpressCMS 1.4.2 - Remote Code Execution Exploit
2022-03-30 00:00:00
nuclei
nuclei
ImpressCMS <1.4.3 - Incorrect Authorization
2022-04-03 02:23:45
cve
cve
CVE-2021-26598
2022-03-28 01:15:06
github
github
Incorrect Access Control in ImpressCMS
2022-03-29 00:01:16
prion
prion
Design/Logic Flaw
2022-03-28 01:15:00
nvd
nvd
CVE-2021-26598
2022-03-28 01:15:06
packetstorm
packetstorm
ImpressCMS 1.4.2 Remote Code Execution
2022-03-23 00:00:00
exploitdb
exploitdb
ImpressCMS 1.4.2 - Remote Code Execution (RCE)
2022-03-30 00:00:00

0.04 Low

EPSS

Percentile

92.0%

JSON
Related for PACKETSTORM:166403
osv2cvelist1zdt2nuclei1cve1github1prion1nvd1packetstorm1exploitdb1