Vulnerabilities > Impresscms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2021-26599 | SQL Injection vulnerability in Impresscms ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. | 9.8 |
| 2022-03-28 | CVE-2021-26600 | Type Confusion vulnerability in Impresscms ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). | 9.8 |
| 2022-02-14 | CVE-2022-24977 | Path Traversal vulnerability in Impresscms ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. | 9.8 |