Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qeGc5LTJjaDctZjU1Ms4AAttV
Feehi CMS arbitrary code execution via crafted PHP file
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
Permalink: https://github.com/advisories/GHSA-jxg9-2ch7-f552JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qeGc5LTJjaDctZjU1Ms4AAttV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-jxg9-2ch7-f552, CVE-2022-34971
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-34971
- https://github.com/liufee/cms/issues/62
- https://github.com/advisories/GHSA-jxg9-2ch7-f552
Blast Radius: 1.0
Affected Packages
packagist:feehi/cms
Dependent packages: 0Dependent repositories: 0
Downloads: 2,823 total
Affected Version Ranges: <= 2.1.1
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1