GHSA-f99r-jjgr-f373

Source
https://github.com/advisories/GHSA-f99r-jjgr-f373
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-f99r-jjgr-f373/GHSA-f99r-jjgr-f373.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-f99r-jjgr-f373
Aliases
Published
2022-04-06T00:01:30Z
Modified
2023-11-08T04:08:55.902971Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
SQL injection in ImpressCMS
Details

SQL injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way. This allows an attacker to read and modify sensitive information in the database used by the application. If the system is misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.

Database specific
{
    "nvd_published_at": "2022-04-05T15:15:00Z",
    "github_reviewed_at": "2022-04-07T18:21:23Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Packagist / impresscms/impresscms

Package

Name
impresscms/impresscms
Purl
pkg:composer/impresscms/impresscms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
1.4.3