CVE-2022-26986

HIGH

ImpressCMS <1.4.3 - SQL Injection

Title source: llm

Description

SQL injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way. This allows an attacker to read and modify sensitive information in the database used by the application. If the system is misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.

Exploits (1)

exploitdb WORKING POC
by Sarang Tumne · text · webapps · php
https://www.exploit-db.com/exploits/51056

Scores

CVSS v3 7.2
EPSS 0.0142
EPSS Percentile 80.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
impresscms/impresscms < 1.4.3
impresscms/impresscms 0 (Packagist)
Published Apr 05, 2022
Tracked Since Feb 18, 2026