← volver
CVE-2022-24977

CVE-2022-24977

EPSS 6.5%
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/ImpressCMS/impresscms/commit/a66d7bb499faafab803e24833606028fa0ba4261https://github.com/ImpressCMS/impresscms/compare/1.4.1...v1.4.2https://r0.haxors.org/posts?id=8