CVE-2022-34971 – feehi/cms

Package

Manager: composer
Name: feehi/cms
Vulnerable Version: >=0 <=2.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0074 pctl0.72041

Details

Feehi CMS arbitrary code execution via crafted PHP file An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.

Metadata

Created: 2022-07-28T00:00:53Z
Modified: 2022-08-06T05:31:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-jxg9-2ch7-f552/GHSA-jxg9-2ch7-f552.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-jxg9-2ch7-f552
Finding: F027
Auto approve: 1