CVEs-PoC/2021/CVE-2021-26600.md

CVE-2021-26600

Description

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).

POC

Reference

• http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html
• https://hackerone.com/reports/1081986

Github

• https://github.com/20142995/nuclei-templates
• https://github.com/ARPSyndicate/cve-scores
• https://github.com/ARPSyndicate/cvemon
• https://github.com/cyb3r-w0lf/nuclei-template-collection