ImpressCMS/impresscms

ImpressCMS/impresscms

www.impresscms.org

Releases71

Frequency3 months 4 days

Last Release 2 months ago

Stars29

A multilingual, extensible, community oriented CMS developed in PHP

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-50912 ↗	Jan 13, 2026Tuesday, 13 January 2026, 23:15	9.8 CRITICAL	—
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
CVE-2022-24977 ↗	Feb 14, 2022Monday, 14 February 2022, 12:15	9.8 CRITICAL	7.5 HIGH
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
CVE-2020-17551 ↗	Oct 7, 2020Wednesday, 7 October 2020, 17:15	4.8 MEDIUM	3.5 LOW
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.