CVE-2022-26986 - CERT CVE
ID CVE-2022-26986
Sažetak SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.
Reference
CVSS
Base: 8.5
Impact: 10.0
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:N/AC:M/Au:S/C:C/I:C/A:C
Zadnje važnije ažuriranje 27-03-2023 - 18:15
Objavljeno 05-04-2022 - 15:15