Headline
CVE-2020-21516: Feehicms-2.0.8 can be attacked directly to getshell via the avatar uploads · Issue #46 · liufee/cms
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload that allows attackers to execute relevant PHP code.
There is an arbitrary file upload vulnerability in the background avatar upload.
The CMS only verified the suffix of the file in the front end by JS, and we found that we could upload PHP scripts directly after using Burp Suite to capture and modify the packet.
The attacker can modify the box in the picture and upload the PHP script directly. It also returns the upload path (in the red box on the right of the figure above).
When the PHP file content is a Trojan, attackers can get the shell directly.
Here I used Behinder as a shell management tool, and got a shell successfully.
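The root cause reported above is that the file type is checked only in the browser, so the server has to repeat the check itself. The following PHP is an added example, not FeehiCMS code and not part of the issue; `storeAvatar`, the allowlist and the two sample files are assumptions made for illustration. It validates an upload by its content and stores it under a server-chosen name.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: detected MIME type => extension the server assigns.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Validate an uploaded avatar server-side and return the stored file name. */
function storeAvatar(string $tmpPath, string $destDir, int $maxBytes = 2097152): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('rejected: bad size');
    }
    // Detect the type from the bytes, never from the client's file name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException("rejected: detected type $mime");
    }
    // The file must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        throw new RuntimeException('rejected: not a parsable image');
    }
    // Server-chosen name and extension; the client-supplied name is discarded.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    // In a web request, use move_uploaded_file() on the $_FILES tmp_name instead of copy().
    if (!copy($tmpPath, $destDir . DIRECTORY_SEPARATOR . $name)) {
        throw new RuntimeException('rejected: could not store file');
    }
    return $name;
}

// Constructed sample inputs: a script sent as "avatar.php" and a 1x1 GIF.
$dir = sys_get_temp_dir();
$samples = [
    'avatar.php' => "<?php echo 'constructed sample'; ?>",
    'avatar.gif' => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam($dir, 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo $clientName, ' -> stored as ', storeAvatar($tmp, $dir), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $clientName, ' -> ', $e->getMessage(), PHP_EOL;
    }
    unlink($tmp);
}
```

The storage directory should also be configured so the web server never executes PHP from it, since content checks alone can be passed by a file that is both a valid image and contains script text.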
Related news
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload that allows attackers to execute relevant PHP code.