CVE-2020-22643 – feehi/cms

Package

Manager: composer
Name: feehi/cms
Vulnerable Version: >=0 <=2.1.0-beta

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02117 pctl0.83453

Details

Feehi CMS arbitrary file upload vulnerability Feehi CMS 2.1.0-beta is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.

Metadata

Created: 2022-05-24T17:40:04Z
Modified: 2023-07-07T13:48:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-65x8-9vgm-5fg5/GHSA-65x8-9vgm-5fg5.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-65x8-9vgm-5fg5
Finding: F027
Auto approve: 1