Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26598 PoC — ImpressCMS 授权问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26598.yaml
Associated Vulnerability
Title:ImpressCMS 授权问题漏洞 (CVE-2021-26598)
Description:ImpressCMS是一套基于MySQL的、模块化的内容管理系统(CMS)。该系统包括新闻发布、论坛和相册等模块。 ImpressCMS存在授权问题漏洞,该漏洞的存在是由于/include/findusers.php文件中的访问限制不正确。远程攻击者可以绕过实施的安全限制并获取有关应用程序用户的敏感信息。该漏洞允许远程攻击者未经授权访问其他受限功能。
Description
ImpressCMS before 1.4.3 is susceptible to incorrect authorization via include/findusers.php. An attacker can provide a security token and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
File Snapshot

 id: CVE-2021-26598

info:
  name: ImpressCMS <1.4.3 - Incorrect Authorization
  author: gy741,pdteam

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.