CVE-2021-26600

CVE-2021-26600

EPSS 5.5%

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://karmainsecurity.com/KIS-2022-01 http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html http://seclists.org/fulldisclosure/2022/Mar/43 https://hackerone.com/reports/1081986