CVE-2022-50912

Name of the Vulnerable Software and Affected Versions ImpressCMS version 1.4.4

Description The software contains a file upload issue due to insufficient extension validation. This allows attackers to upload potentially malicious files by bypassing file upload restrictions using alternative file extensions such as .php2, .php6, .php7, .phps, and .pht. Successful exploitation could lead to the execution of arbitrary PHP code on the server.

Recommendations Update to a newer version that contains a fix for this vulnerability.