We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2022-50912

CVE-2022-50912

PHP

Severity: CRITICAL
CVSS: 9.8CVSS
Published: 2026-01-13
Last modified: 2026-02-03
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434

Description

ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.

References

https://github.com/ImpressCMS/impresscms
https://www.exploit-db.com/exploits/50890
https://www.impresscms.org/
https://www.vulncheck.com/advisories/impresscms-unrestricted-file-upload

Summary

Description

References