Security Advisory

CVE-2022-24977

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-13 06:39:33

Last updated 2024-08-03 04:29:01

Assigner mitre

State PUBLISHED

Description

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.

← Browse all CVEs View on cve.org ↗