CVE-2022-50912
File Upload Vulnerability in ImpressCMS 1.4.4 Enables Remote Code Execution
Publication date: 2026-01-13
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| impresscms | impresscms | 1.4.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ImpressCMS 1.4.4 is a file upload weakness caused by insufficient sanitization of file extensions. Attackers can bypass file upload restrictions by using alternative PHP-related file extensions such as .php2, .php6, .php7, .phps, and .pht. This allows them to upload malicious files that can execute arbitrary PHP code on the server, potentially leading to remote code execution. [2, 3]
How can this vulnerability impact me? :
The vulnerability can have severe impacts including unauthorized remote code execution on the server hosting ImpressCMS. This can lead to full compromise of the server, allowing attackers to access, modify, or delete sensitive data, disrupt service availability, and potentially use the server as a foothold for further attacks. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by scanning your ImpressCMS installation for uploaded files with suspicious alternative PHP extensions such as .php2, .php6, .php7, .phps, and .pht. On the server, you can use commands like `find /path/to/impresscms/uploads -type f \( -name '*.php2' -o -name '*.php6' -o -name '*.php7' -o -name '*.phps' -o -name '*.pht' \)` to locate potentially malicious files. Additionally, monitoring web server logs for requests to files with these extensions may help identify exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling file uploads until a patch or update is applied. You should implement a whitelist approach for allowed file extensions instead of relying on blacklists, blocking all extensions except those explicitly permitted. Additionally, review and remove any suspicious files with alternative PHP extensions from your server. Applying any available security updates or patches from ImpressCMS is also critical to address this vulnerability. [2, 3]