Find real vulnerabilities before they ship
Vulnerability Database › packagist › CVE-2021-26598
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Base Score