CVE-2021-26599

Description

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.

How to fix CVE-2021-26599

To remediate CVE-2021-26599, upgrade the affected package to a fixed version below.

• Packagist/impresscms/impresscms—upgrade to 1.4.3 or later

Is CVE-2021-26599 being exploited?

Low — EPSS is 3.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.4.3

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-26599
• PATCHgithub.com/ImpressCMS/impresscms
• WEBkarmainsecurity.com/KIS-2022-04
• WEBpacketstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html
• WEB