Lucene search

GitHub Advisory DatabaseGHSA-6VF2-MFMR-QQQW

HistoryJun 20, 2023 - 3:31 p.m.

Liufee CMS File Upload vulnerability

2023-06-2015:31:09

CWE-434

GitHub Advisory Database

github.com

file upload

vulnerability

liufee cms

feehicms v2.0.8

remote attacker

execute arbitrary code

admin component

software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

85.7%

JSON

File Upload vulnerability in Liufee CMS, AKA Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.

Affected configurations

Vulners

Node

feehifeehi_cmsRange<2.0.8.1

VendorProductVersionCPE
feehifeehi_cms*cpe:2.3:a:feehi:feehi_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
feehi	feehi_cms	*	cpe:2.3:a:feehi:feehi_cms::::::::

References

github.com/advisories/GHSA-6vf2-mfmr-qqqw

github.com/liufee/cms/commit/ecbfb0ca77874ead5b6e79b96a5e1f94e67475a9

github.com/liufee/cms/issues/46

nvd.nist.gov/vuln/detail/CVE-2020-21489

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

85.7%

JSON

Related for GHSA-6VF2-MFMR-QQQW