Lucene search
+L

6 matches found

github
github
added 2022/02/15 12:2 a.m.29 views

Path Traversal in ImpressCMS

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports...

9.8CVSS6.2AI score0.06883EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2022/02/14 12:15 p.m.26 views

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports...

9.8CVSS0.06883EPSS
Exploits1References3
prion
prion
added 2022/02/14 12:15 p.m.13 views

Remote code execution

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports...

7.5CVSS9.8AI score0.06883EPSS
Exploits1References3Affected Software1
cve
cve
added 2022/02/13 6:39 a.m.141 views

CVE-2022-24977

ImpressCMS has a directory traversal vulnerability (CVE-2022-24977) affecting versions before 1.4.2. The flaw allows unauthenticated remote code execution by traversing origName or imageName, triggering unsafe interaction with CKEditor processImage.php. In PHP environments that support upload_pro...

9.8CVSS9.8AI score0.06883EPSS
Exploits1References3Affected Software1
osv
osv
added 2022/02/13 6:39 a.m.14 views

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports...

9.8CVSS9.9AI score0.06883EPSS
Exploits1References5
cvelist
cvelist
added 2022/02/13 6:39 a.m.30 views

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports...

10AI score0.06883EPSS
Exploits1References3
Rows per page
Query Builder