CNNVD-202601-1936 Information

CNNVD ID

CNNVD-202601-1936

Related CVE

CVE-2022-50912

• CNNVD Published: 2026-01-13

Description (Chinese)

ImpressCMS是ImpressCMS公司的一套基于MySQL的、模块化的内容管理系统（CMS）。该系统包括新闻发布、论坛和相册等模块。 ImpressCMS 1.4.4版本存在代码问题漏洞，该漏洞源于文件上传扩展名清理不当，可能导致攻击者上传恶意文件并执行任意PHP代码。

Description (English)

ImpressCMS is an ImpressCMS-based, modular content management system (CMS) based on MySQL. The system includes modules such as press releases, forums and albums. Impress CMS 1.4.4 has a code problem loophole, which stems from inappropriate document upload extension clean-up, which may result in the attackers uploading malicious documents and implementing any PHP code.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

ImpressCMS

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/ImpressCMS/impresscms https://www.exploit-db.com/exploits/50890 https://www.impresscms.org/ https://www.vulncheck.com/advisories/impresscms-unrestricted-file-upload