CVE-2020-22643
Feehi CMS arbitrary file upload vulnerability
7.2
HIGH
CVSS 3.1
EPSS 2.1%
Description
Feehi CMS 2.1.0-beta is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.
How to fix CVE-2020-22643
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2020-22643 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 2.1.0-beta
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |