Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Mar 5, 2026
ImpressCMS 1.4.4 - Unrestricted File Upload
CVE-2022-50912
Description
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
Affected products
1- Range: 1.3.10-beta, 1.3.8, 1.3.9, …
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/50890mitreexploit
- www.vulncheck.com/advisories/impresscms-unrestricted-file-uploadmitrethird-party-advisory
- www.impresscms.orgmitreproduct
News mentions
0No linked articles in our index yet.