Lucene search

GoogleOSV:GHSA-JJ62-MC3M-J769

HistorySep 07, 2022 - 12:01 a.m.

FeehiCMS has an arbitrary file upload vulnerability

2022-09-0700:01:50

Google

osv.dev

feehicms

arbitrary file upload

php code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.8%

JSON

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code.

CPENameOperatorVersion
feehi/cmseq2.0.8
feehi/cmseq2.0.0
feehi/cmseq1.0.0beta1
feehi/cmseq1.0.0beta3
feehi/cmseq0.1.3
feehi/cmseq0.0.5
feehi/cmseq1.0.0alpha1
feehi/cmseq1.0.0-alpha3
feehi/cmseq1.0.0beta2
feehi/cmseq1.0.0rc1

Name	Operator	Version
feehi/cms	eq	2.0.8
feehi/cms	eq	2.0.0
feehi/cms	eq	1.0.0beta1
feehi/cms	eq	1.0.0beta3
feehi/cms	eq	0.1.3
feehi/cms	eq	0.0.5
feehi/cms	eq	1.0.0alpha1
feehi/cms	eq	1.0.0-alpha3
feehi/cms	eq	1.0.0beta2
feehi/cms	eq	1.0.0rc1

Rows per page:

1-10 of 331

References

github.com/liufee/cms

github.com/liufee/cms/commit/ecbfb0ca77874ead5b6e79b96a5e1f94e67475a9

github.com/liufee/cms/issues/46

github.com/liufee/cms/releases/tag/2.0.8.1

nvd.nist.gov/vuln/detail/CVE-2020-21516

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for OSV:GHSA-JJ62-MC3M-J769