Cyber Resilience

CVE-2022-24977

Critical · Public PoC

Published: 14 February 2022
Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2807 (96.6th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-24977 is a critical-severity Path Traversal (CWE-22) vulnerability in ImpressCMS. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

ImpressCMS versions prior to 1.4.2 contain a path traversal vulnerability tracked as CVE-2022-24977. The flaw resides in the handling of the origName or imageName parameters passed to the CKEditor processImage.php script, where sequences such as ...../// can be supplied to escape intended directories. When the PHP installation enables the upload_progress feature, an attacker can also leverage the PHP_SESSION_UPLOAD_PROGRESS mechanism to place a malicious payload that the script subsequently executes.

Unauthenticated remote attackers can exploit the issue over the network without any credentials or user interaction. Successful traversal allows arbitrary file writes or direct execution of attacker-controlled PHP code, resulting in full compromise of the confidentiality, integrity, and availability of the affected ImpressCMS instance, consistent with the CVSS 9.8 rating and CWE-22 classification.

Public references point to the official remediation in ImpressCMS 1.4.2. The project’s GitHub commit a66d7bb499faafab803e24833606028fa0ba4261 and the corresponding 1.4.1-to-1.4.2 diff document the code changes that close the directory traversal vectors in the CKEditor integration.

The associated EPSS score has remained flat at a peak of 0.2807 since disclosure, indicating no material increase in observed exploitation interest.

Vulnerability details

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: impresscms
Product: impresscms
Version: ≤ 1.4.2

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
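
The control described above, sketched for a PHP upload handler as an added example (not ImpressCMS code and not the 1.4.2 patch): rather than stripping traversal sequences, it allowlists the whole file name and then confirms the resolved path stays under the base directory. The function name, base directory and extension list are assumptions, and the sample names are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not ImpressCMS code. Map a client-supplied image name to a
 * path inside $baseDir, or return null when the name is not acceptable.
 * $baseDir and the extension allowlist are assumptions for illustration.
 */
function resolveImagePath(string $baseDir, string $name): ?string
{
    // 1. Allowlist the entire name: alphanumeric start, then [A-Za-z0-9_-],
    //    exactly one dot, and an image extension. Path separators, NUL bytes,
    //    dot runs and .php can never match, so nothing has to be "cleaned".
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,99}\.(png|jpe?g|gif)\z/i', $name)) {
        return null;
    }

    // 2. Canonicalise the base directory once; fail closed if it is missing.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $name;

    // 3. Containment check: if the target already exists (for example as a
    //    symlink), its real location must still be under the base directory.
    $real = realpath($candidate);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real !== false && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed sample values, as they might arrive in origName or imageName.
$samples = [
    'photo_01.png',        // ordinary upload name
    '.....///etc/passwd',  // dot/slash run of the kind named in the advisory
    '../../config.php',    // classic traversal
    'shell.php',           // executable extension
    "a.png\0.php",         // embedded NUL byte
    'a.php.png',           // double extension
];
foreach ($samples as $n) {
    printf("%-24s => %s\n", json_encode($n), resolveImagePath(sys_get_temp_dir(), $n) ?? 'REJECTED');
}
```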
