CVE-2022-50912

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.

Vulnerability Details

Published Date

January 13, 2026

Last Modified

January 14, 2026

CWE ID

CWE-434

Source

NVD

External References

https://github.com/ImpressCMS/impresscms
https://www.exploit-db.com/exploits/50890
https://www.impresscms.org/
https://www.vulncheck.com/advisories/impresscms-unrestricted-file-upload

CVE-2022-50912

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment