Vulnerabilities > Impresscms > Impresscms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-26986 | SQL Injection vulnerability in Impresscms SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. | 7.2 |
| 2022-03-28 | CVE-2021-26599 | SQL Injection vulnerability in Impresscms ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. | 7.5 |
| 2022-03-28 | CVE-2021-26600 | Type Confusion vulnerability in Impresscms ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). | 7.5 |
| 2022-02-14 | CVE-2022-24977 | Path Traversal vulnerability in Impresscms ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. | 7.5 |
| 2010-11-17 | CVE-2010-4271 | SQL Injection vulnerability in Impresscms SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |