CVE-2021-26600

CVE-2021-26600

EPSS 5.5%

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://karmainsecurity.com/KIS-2022-01 http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html http://seclists.org/fulldisclosure/2022/Mar/43 https://hackerone.com/reports/1081986