CVE-2020-22643

HIGH

Feehi CMS 2.1.0 - Authenticated Arbitrary File Upload via Administrator Image Upload

Title source: llm
STIX 2.1

Description

Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/liufee/cms/issues/51

Scores

CVSS v3 7.2
EPSS 0.0191
EPSS Percentile 77.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (2)
feehi/cms 0Packagist
feehi/feehi_cms 2.1.0
Published Jan 26, 2021
Tracked Since Feb 18, 2026