impresscms
Web & CMS Plugins | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting impresscms.
- CVE-2021-47938: ImpressCMS 1.4.2 Remote Code Execution via Autotasks (score 8.8)
- CVE-2019-25703: ImpressCMS 1.3.11 SQL Injection via bid Parameter (score 7.1)
- CVE-2022-50912: ImpressCMS 1.4.4 - Unrestricted File Upload (score 9.8)
- CVE-2023-37785: A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of ... (score 4.8)
- CVE-2022-26986: SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the databa... (score 7.2)
- CVE-2021-26601: ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. (score 8.1)
- CVE-2021-26600: ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). (score 9.8)
- CVE-2021-26599: ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. (score 9.8)
- CVE-2021-26598: ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). (score 5.3)
- CVE-2022-24977: ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php scri... (score 9.8)
- CVE-2021-28088: Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. (score 5.4)
- CVE-2020-17551: ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. (score 4.8)
- CVE-2018-13983: ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. (score 6.1)
- CVE-2014-1836: Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_p... (score 6.4)
- CVE-2014-4036: Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. (score 4.3)