CVE-2020-21516: Unrestricted Upload of File with Dangerous Type

September 7, 2022 (updated September 15, 2022)

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code.

References

github.com/advisories/GHSA-jj62-mc3m-j769
github.com/liufee/cms/commit/ecbfb0ca77874ead5b6e79b96a5e1f94e67475a9
github.com/liufee/cms/issues/46
github.com/liufee/cms/releases/tag/2.0.8.1
nvd.nist.gov/vuln/detail/CVE-2020-21516

Code Behaviors & Features

Detect and mitigate CVE-2020-21516 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →