Security Advisory

CVE-2021-26598

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-28 00:31:42

Last updated 2024-08-03 20:26:25

Assigner mitre

State PUBLISHED

Description

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).

← Browse all CVEs View on cve.org ↗