CVE-2021-26599
CRITICAL NUCLEIImpresscms < 1.4.4 - SQL Injection
Title source: ruleDescription
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
Exploits (1)
Nuclei Templates (1)
ImpressCMS < 1.4.3 - SQL Injection
HIGHby ritikchaddha
Shodan:
http.html:"ImpressCMS"
FOFA:
body="ImpressCMS"
References (4)
Scores
CVSS v3
9.8
EPSS
0.0464
EPSS Percentile
89.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
impresscms/impresscms
< 1.4.4
impresscms/impresscms
0 - 1.4.3Packagist
Published
Mar 28, 2022
Tracked Since
Feb 18, 2026