Skip to content

Arbitrary Code Execution in feehi/cms

High severity GitHub Reviewed Published Sep 20, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

composer feehi/cms (Composer)

Affected versions

<= 2.0.8

Patched versions

2.0.8.1

Description

An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.

References

Published by the National Vulnerability Database Sep 15, 2021
Reviewed Sep 17, 2021
Published to the GitHub Advisory Database Sep 20, 2021
Last updated Feb 1, 2023

Severity

High

EPSS score

0.830%
(82nd percentile)

Weaknesses

CVE ID

CVE-2020-21322

GHSA ID

GHSA-rf3w-29h3-r636

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.