CVE-2022-26986

Name of the Vulnerable Software and Affected Versions ImpressCMS versions 1.4.3 and earlier

Description The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is misconfigured, an attacker can upload a malicious web shell, potentially compromising the entire system.

Recommendations For ImpressCMS versions 1.4.3 and earlier, update to a version later than 1.4.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database information and ensuring proper configuration to prevent malicious web shell uploads.