Arbitrary File Upload Vulnerability in Feehi CMS by Feehi
CVE-2020-22643

7.2HIGH

Key Information:

Vendor: Feehi
Status: Feehi Cms
Vendor: CVE Published:; 26 January 2021

What is CVE-2020-22643?

Feehi CMS version 2.1.0 contains an arbitrary file upload vulnerability that could allow an attacker with administrator access to upload malicious files. This flaw occurs on the administrator image upload page, which, once exploited, can lead to the execution of remote code on the affected server. Proper input validation and secure file handling practices are essential to mitigate such risks.

References

https://github.com/liufee/cms/issues/51

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2021
Vulnerability Reserved
Aug 13, 2020

CVE-2020-22643 Data

JSON