{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50912","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-11T13:14:18.876Z","datePublished":"2026-01-13T22:51:51.296Z","dateUpdated":"2026-03-05T01:29:30.264Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-05T01:29:30.264Z"},"datePublic":"2022-07-04T00:00:00.000Z","title":"ImpressCMS 1.4.4 - Unrestricted File Upload","descriptions":[{"lang":"en","value":"ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Unrestricted Upload of File with Dangerous Type","cweId":"CWE-434","type":"CWE"}]}],"affected":[{"vendor":"ImpressCMS","product":"ImpressCMS","versions":[{"version":"1.4.4","status":"affected"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:impresscms:impresscms:1.4.4:*:*:*:*:*:*:*"}]}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/50890","name":"ExploitDB-50890","tags":["exploit"]},{"url":"https://www.impresscms.org/","name":"Official ImpressCMS Homepage","tags":["product"]},{"url":"https://github.com/ImpressCMS/impresscms","name":"ImpressCMS GitHub Repository","tags":["product"]},{"name":"VulnCheck Advisory: ImpressCMS 1.4.4 - Unrestricted File Upload","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/impresscms-unrestricted-file-upload"}],"credits":[{"lang":"en","value":"Ünsal Furkan Harani (Zemarkhos)","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-14T16:14:57.832830Z","id":"CVE-2022-50912","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T16:15:05.429Z"}}]}}