GHSA-rf3w-29h3-r636

Source

https://github.com/advisories/GHSA-rf3w-29h3-r636

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-rf3w-29h3-r636/GHSA-rf3w-29h3-r636.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rf3w-29h3-r636

Aliases

CVE-2020-21322

Published

2021-09-20T20:45:35Z

Modified

2024-12-02T05:46:40.901101Z

Summary

Arbitrary Code Execution in feehi/cms

Details

An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.

Database specific

{
    "nvd_published_at": "2021-09-15T22:15:00Z",
    "cwe_ids": [
        "CWE-434"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-17T17:54:21Z"
}

References

Affected packages

Packagist / feehi/cms

Package

Name: feehi/cms
Purl: pkg:composer/feehi/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.8.1

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.2

0.1.3

1.*

1.0.0alpha1

1.0.0alpha2

1.0.0-alpha3

1.0.0beta1

1.0.0beta2

1.0.0beta3

1.0.0rc1

1.0.0rc2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.4.1

2.0.5

2.0.5.1

2.0.6

2.0.7

2.0.7.1

2.0.8

Database specific

{
    "last_known_affected_version_range": "<= 2.0.8"
}