Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Mar 5, 2026
ImpressCMS 1.4.4 - Unrestricted File Upload
CVE-2022-50912
Description
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.3.10-beta, 1.3.8, 1.3.9, …+ 1 more
- (no CPE)range: 1.3.10-beta, 1.3.8, 1.3.9, …
- (no CPE)range: =1.4.4
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/50890mitreexploit
- www.vulncheck.com/advisories/impresscms-unrestricted-file-uploadmitrethird-party-advisory
- www.impresscms.orgmitreproduct
News mentions
0No linked articles in our index yet.