ImpressCMS v1.4.4 Exploit, Unrestricted File Upload

# Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload
# Date: 7/4/2022
# Exploit Author: √únsal Furkan Harani (Zemarkhos)
# Vendor Homepage: https://www.impresscms.org/
# Software Link: https://github.com/ImpressCMS/impresscms
# Version: v1.4.4

# Description:
Between lines 152 and 162, we see the function "extensionsToBeSanitized".Since the blacklist method is weak, it is familiar that the file can be uploaded in the extensions mentioned below.

.php2, .php6, .php7, .phps, .pht, .pgif, .shtml, .htaccess, .phar, .inc

Impresscms/core/File/MediaUploader.php Between lines 152 and 162:
private $extensionsToBeSanitized = array('php','phtml','phtm','php3','php4','cgi','pl','asp','php5');

All rights reserved nPulse.net 2009 - 2022
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD