CVE-2022-50912

Source
https://cve.org/CVERecord?id=CVE-2022-50912
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50912.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50912
Published
2026-01-13T22:51:51.296Z
Modified
2026-07-15T01:49:00.685556418Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
ImpressCMS 1.4.4 - Unrestricted File Upload
Details

ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-434"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50912.json"
}
References

Affected packages

Git / github.com/impresscms/impresscms

Affected ranges

Type
GIT
Repo
https://github.com/impresscms/impresscms
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ],
    "cpe": "cpe:2.3:a:impresscms:impresscms:1.4.4:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.4.4"
        },
        {
            "last_affected": "1.4.4"
        }
    ]
}

Affected versions

1.*
1.4.4
v1.*
v1.4.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50912.json"