CVE-2021-26601

Name of the Vulnerable Software and Affected Versions ImpressCMS versions prior to 1.4.3

Description The issue allows directory traversal via the image temp parameter in the libraries/image-editor/image-edit.php file. This can potentially lead to unauthorized access to sensitive files on the server.

Recommendations For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the libraries/image-editor/image-edit.php file until a patch is applied. Avoid using the image temp parameter in the affected file to minimize the risk of exploitation.