Vulnerability Description
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to /modules/system/admin.php?fct=autotasks&op=mod with crafted sat_code containing PHP commands, which creates an executable file that accepts arbitrary commands via GET parameters.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/50298
- https://www.impresscms.org/
- https://www.impresscms.org/modules/downloads/
- https://www.vulncheck.com/advisories/impresscms-remote-code-execution-via-autota
FAQ
What is CVE-2021-47938?
CVE-2021-47938 is a vulnerability with a CVSS score of 8.8 (HIGH). ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code ...
How severe is CVE-2021-47938?
CVE-2021-47938 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47938?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.