CVE-2022-26986
ImpressCMS v1.4.3 - Authenticated SQL Injection
Public Exploits: 2
Exploited in Wild: -
Descriptions
SQL injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way, which allows an attacker to read and modify sensitive information in the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.
ImpressCMS version 1.4.3 suffers from a remote SQL injection vulnerability.
Timeline
- 2022-03-14 CVE Reserved
- 2022-04-05 CVE Published
- 2023-03-25 First Exploit
- 2023-10-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References (3)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/51056 | 2023-03-25 | |
https://github.com/sartlabs/0days/blob/main/ImpressCMS1.4.3/Exploit.txt | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Impresscms | Impresscms | <= 1.4.3 | - | Affected |