Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qajYyLW1jM20tajc2Oc4AAupU
FeehiCMS has an arbitrary file upload vulnerability
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code.
Permalink: https://github.com/advisories/GHSA-jj62-mc3m-j769JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qajYyLW1jM20tajc2Oc4AAupU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-jj62-mc3m-j769, CVE-2020-21516
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-21516
- https://github.com/liufee/cms/issues/46
- https://github.com/liufee/cms/commit/ecbfb0ca77874ead5b6e79b96a5e1f94e67475a9
- https://github.com/liufee/cms/releases/tag/2.0.8.1
- https://github.com/advisories/GHSA-jj62-mc3m-j769
Blast Radius: 1.0
Affected Packages
packagist:feehi/cms
Dependent packages: 0Dependent repositories: 0
Downloads: 2,823 total
Affected Version Ranges: < 2.0.8.1
Fixed in: 2.0.8.1
All affected versions:
All unaffected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1