CVE-2022-50912

Critical CVSS: 9.3

ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.

Vendor

Impresscms

Product

Impresscms

CWE

CWE-434

Yayın Tarihi

2026-01-13 23:15:54

Güncelleme

2026-02-03 19:26:43

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Impresscms CRITICAL Impresscms 2026

Referanslar

https://github.com/ImpressCMS/impresscms https://www.exploit-db.com/exploits/50890 https://www.impresscms.org/ https://www.vulncheck.com/advisories/impresscms-unrestricted-file-upload