CVE-2021-26598
23Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 11%
exploitation probability
11%top 5% of all CVEs
observed exploitation
nono source reports it
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Affected products
n/a · n/a