← back
CVE-2021-26598

CVE-2021-26598

23Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 11%
exploitation probability
11%top 5% of all CVEs
observed exploitation
nono source reports it
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Affected products
n/a · n/a