Incorrect Access Control in ImpressCMS before 1.4.3: Unauthenticated Attackers Can Access include/findusers.php

Incorrect Access Control in ImpressCMS before 1.4.3: Unauthenticated Attackers Can Access include/findusers.php

CVE-2021-26598 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).

Learn more about our Cms Pen Testing.