258 matches found
ImpressCMS < 1.4.3 - SQL Injection
ImpressCMS before 1.4.3 is vulnerable to SQL injection via the groups parameter in include/findusers.php, allowing unauthenticated attackers to execute arbitrary SQL queries. id: CVE-2021-26599 info: name: ImpressCMS 1.4.3 - SQL Injection author: ritikchaddha severity: high description: |...
ImpressCMS <1.4.3 - Incorrect Authorization
ImpressCMS before 1.4.3 is susceptible to incorrect authorization via include/findusers.php. An attacker can provide a security token and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-26598 info: name: ImpressCMS 1.4.3 - Incorrect...
EUVD-2021-34799
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the satcode parameter. Attackers can authenticate, submit a POST request to...
CVE-2021-47938
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the satcode parameter. Attackers can authenticate, submit a POST request to...
CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution via Autotasks
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the satcode parameter. Attackers can authenticate, submit a POST request to...
CVE-2021-47938
ImpressCMS 1.4.2 suffers a remote code execution (RCE) in the autotasks admin interface. An authenticated attacker can send a crafted sat_code payload via POST to /modules/system/admin.php?fct=autotasks&op=mod, resulting in creation of an executable file that accepts arbitrary commands through GE...
PT-2026-39513
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat code parameter. Attackers can authenticate, submit a POST request to...
ImpressCMS Code Injection Vulnerability
ImpressCMS is a modular, MySQL-based content management system (CMS) developed by ImpressCMS Inc. The system includes modules for news publishing, forums, and photo albums. Version 1.4.2 of ImpressCMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw...
EUVD-2019-20134
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
CVE-2019-25703
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
CVE-2019-25703 ImpressCMS 1.3.11 SQL Injection via bid Parameter
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
CVE-2019-25703
CVE-2019-25703 affects ImpressCMS 1.3.11. A time-based blind SQL injection exists in the bid parameter accessed via admin.php, allowing an authenticated user to manipulate queries and extract data. The vulnerability arises from improper handling of the bid input, enabling SQL commands to be injec...
ImpressCMS SQL Injection Vulnerability
ImpressCMS is a modular, MySQL-based content management system (CMS) developed by ImpressCMS Inc. The system includes modules for news publishing, forums, and photo albums. Version 1.3.11 of ImpressCMS has a SQL injection vulnerability, which stems from insufficient input validation for the bid...
PT-2026-32166
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
ImpressCMS 1.3.10 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in ImpressCMS version 1.3.10, including both reflected and persistent cross site scripting. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
CVE-2022-50912
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions (.php2, .php6, .php7, .phps, .pht) to execute arbitrary PHP code on the serv...