CVE-2022-50912
ImpressCMS 1.4.4 - Unrestricted File Upload
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
ImpressCMS · ImpressCMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →