CVE-2022-50912

ImpressCMS · ImpressCMS

ImpressCMS 1.4.4 contains a file upload vulnerability where inadequate extension sanitization allows attackers to upload and execute malicious PHP files.

Executive summary

An unauthenticated arbitrary file upload vulnerability in ImpressCMS 1.4.4 allows attackers to execute malicious code on the underlying server.

Vulnerability

The vulnerability stems from weak extension sanitization during the file upload process. An attacker can bypass security restrictions by utilizing alternative PHP extensions (e.g., .php2, .php6, .php7) to upload and subsequently execute arbitrary code.

Business impact

Successful exploitation of this vulnerability allows an attacker to gain remote code execution capabilities on the web server. This can lead to total site compromise, defacement, data exfiltration, or the installation of backdoors for persistent access. Given the CVSS score of 9.8, this flaw represents a critical threat to the confidentiality, integrity, and availability of the ImpressCMS platform.

Remediation

Immediate Action: Upgrade to the latest version of ImpressCMS to implement robust file upload validation and extension filtering.

Proactive Monitoring: Monitor the web server’s upload directories for unauthorized files and review server logs for suspicious execution attempts of non-standard PHP extensions.

Compensating Controls: Implement strict file type validation at the web server level and restrict execution permissions for directories where user uploads are stored.
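A sketch of the monitoring step above, as an added example that is not ImpressCMS or vendor code: it lists files in an upload directory whose names carry a PHP-like extension and flags access-log requests for such files that were answered with a 2xx status. The /uploads/ URL prefix, the extensions beyond .php2, .php6 and .php7, the combined log format and the sample log lines are assumptions made for illustration.

```python
import os
import re

# Extensions a server may map to the PHP handler. .php2/.php6/.php7 are named
# in the advisory; phtml/pht/phar are an assumption about common server config.
PHP_EXT = re.compile(r"\.(?:php\d?|phtml|pht|phar)(?=[./]|$)", re.IGNORECASE)
# Request path and status code from a combined-format access log line.
LOG_LINE = re.compile(r'"(?:GET|POST) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /uploads/avatar.php7?c=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2025:10:00:05 +0000] "GET /uploads/old.php6 HTTP/1.1" 404 196',
    '198.51.100.9 - - [01/Jan/2025:10:01:00 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 20480',
]


def find_php_like_files(upload_root):
    """Return sorted relative paths under upload_root whose name contains a
    PHP-like extension anywhere (catches both x.php7 and x.php7.jpg)."""
    hits = []
    for dirpath, _dirs, files in os.walk(upload_root):
        for name in files:
            if PHP_EXT.search(name):
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, upload_root))
    return sorted(hits)


def find_upload_executions(log_lines, url_prefix="/uploads/"):
    """Return (path, status) for 2xx responses to PHP-like files under
    url_prefix (hypothetical location of the upload directory)."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop the query string
        ok = m.group("status").startswith("2")
        if ok and path.startswith(url_prefix) and PHP_EXT.search(path):
            hits.append((path, int(m.group("status"))))
    return hits
```

Any hit from either function in a directory meant to hold only user media is worth investigating; with execution disabled for that directory, the log check should stay empty.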

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability is highly severe because it allows for direct server-side code execution. Organizations running ImpressCMS 1.4.4 must treat this as a high-priority remediation task and deploy the vendor-supplied update immediately to prevent unauthorized access and potential malware deployment.