Description
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1081986
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2022/Mar/43
Third Party Advisory x_refsource_misc
http://karmainsecurity.com/KIS-2022-01
Scores
CVSS v3
9.8
EPSS
0.0121
EPSS Percentile
79.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (2)
impresscms/impresscms
< 1.4.3
impresscms/impresscms
0 - 1.4.3Packagist
Published
Mar 28, 2022
Tracked Since
Feb 18, 2026