| |
Vulnerability CVE-2020-22643
Published: 2021-01-26
| Description: |
Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files. |
Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://github.com/liufee/cms/issues/51
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
