Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02NXg4LTl2Z20tNWZnNc4AAnVB
Feehi CMS arbitrary file upload vulnerability
Feehi CMS 2.1.0-beta is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.
Permalink: https://github.com/advisories/GHSA-65x8-9vgm-5fg5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NXg4LTl2Z20tNWZnNc4AAnVB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 7.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-65x8-9vgm-5fg5, CVE-2020-22643
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-22643
- https://github.com/liufee/cms/issues/51
- https://github.com/advisories/GHSA-65x8-9vgm-5fg5
Blast Radius: 1.0
Affected Packages
packagist:feehi/cms
Dependent packages: 0Dependent repositories: 0
Downloads: 2,903 total
Affected Version Ranges: <= 2.1.0-beta
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0-beta