CVE-2020-22643

HIGH

Feehi CMS 2.1.0 - RCE

Title source: llm

Description

Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/liufee/cms/issues/51

Scores

CVSS v3 7.2

EPSS 0.0206

EPSS Percentile 84.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

feehi/cms 0Packagist

feehi/feehi_cms 2.1.0

Published Jan 26, 2021

Tracked Since Feb 18, 2026