Shodan
Vulnerabilities
Vulnerable Software
Impresscms:  Security Vulnerabilities
CVE-2014-1836
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
CVSS Score
6.4
EPSS Score
0.181
Published
2015-07-01
CVE-2014-4036
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-06-11
CVE-2012-0986
Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.
CVSS Score
4.3
EPSS Score
0.007
Published
2012-10-06
CVE-2012-0987
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
CVSS Score
6.0
EPSS Score
0.027
Published
2012-10-06
CVE-2010-4616
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-12-29
CVE-2010-4271
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-11-17
CVE-2008-6360
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-03-02
CVE-2008-5964
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVSS Score
6.8
EPSS Score
0.009
Published
2009-01-23
CVE-2008-3453
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
CVSS Score
10.0
EPSS Score
0.003
Published
2008-08-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved