GHSA-65x8-9vgm-5fg5

Source

https://github.com/advisories/GHSA-65x8-9vgm-5fg5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-65x8-9vgm-5fg5/GHSA-65x8-9vgm-5fg5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-65x8-9vgm-5fg5

Aliases

CVE-2020-22643

Published

2022-05-24T17:40:04Z

Modified

2024-02-16T08:13:59.679040Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Feehi CMS arbitrary file upload vulnerability

Details

Feehi CMS 2.1.0-beta is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.

Database specific

{
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "cwe_ids": [
        "CWE-434"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T13:48:29Z"
}

References

Affected packages

Packagist / feehi/cms

Package

Name: feehi/cms
Purl: pkg:composer/feehi/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.1.0-beta

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.2

0.1.3

1.*

1.0.0alpha1

1.0.0alpha2

1.0.0-alpha3

1.0.0beta1

1.0.0beta2

1.0.0beta3

1.0.0rc1

1.0.0rc2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.4.1

2.0.5

2.0.5.1

2.0.6

2.0.7

2.0.7.1

2.0.8

2.0.8.1

2.1.0-beta