ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| impresscms/impresscms(Packagist) | 0 | 1.4.3 | N/A |
CVSS Metrics
