CVE-2020-22643

HIGH7.2EPSS 2.1%

Feehi CMS arbitrary file upload vulnerability

Published: 5/24/2022Modified: 2/16/2024

Description

Feehi CMS 2.1.0-beta is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.

Affected packages (1)

Packagist/feehi/cmsfrom 0, <= 2.1.0-beta

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-22643
PATCHhttps://github.com/liufee/cms
WEBhttps://github.com/liufee/cms/issues/51