4 matches found
CVE-2025-29930
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...
CVE-2025-29930
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...
CVE-2025-29930 imFAQ allows local file inclusion in seo.php
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...
CVE-2025-29930
CVE-2025-29930 affects imFAQ (ImpressCMS) prior to version 1.0.1. The root cause is unsanitized GET parameters seoOp and seoArg, which can be manipulated (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php) to trigger a Local File Inclusion (LFI) that could allo...