← back
CVE-2022-24977

CVE-2022-24977

EPSS 6.5%
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/ImpressCMS/impresscms/commit/a66d7bb499faafab803e24833606028fa0ba4261https://github.com/ImpressCMS/impresscms/compare/1.4.1...v1.4.2https://r0.haxors.org/posts?id=8