FeehiCMS up to 2.1.1 Unrestricted File Upload via Avatar Parameter (CVE-2024-8296)

Key Information Vulnerability Description Vulnerability Name: FeehiCMS up to 2.1.1 Index.php Insert User[Avatar] Unrestricted Upload Vulnerability ID: VDB-276071, CVE-2024-8296 Affected Versions: FeehiCMS up to 2.1.1 Issue Description: In the function, unauthorized upload vulnerability caused by unknown input via the parameter. CVSS Meta Temp Score Score: 6.0 Current Exploit Price Price Range: $0–$5k CTI Interest Score Score: 0.83 Impact Affected Component: FeehiCMS up to 2.1.1 Impact Type: Confidentiality, Integrity, Availability Impact Severity: Severe Public Disclosure Disclosure Date: 2024 Disclosure Platform: gitee.com Disclosure Content: Identification and description of the vulnerability Exploit Difficulty Exploit Difficulty: Easy Exploitation Method Exploitation Method: Remote exploitation Known Exploits: Public exploit tools exist Technical Details Technical Details: Public exploit tools exist Technical Details Source: gitee.com Recommendations Recommendations: No specific mitigation measures mentioned, but it is advised to replace the affected component. Related Links Related Links: VDB-27853, VDB-36884, VDB-74376, VDB-76120 Other Copyright Information: VulDB.com, CC BY-NC-SA Version: v18.4.1

Goal Reached Thanks to every supporter — we hit 100%!

FeehiCMS up to 2.1.1 Unrestricted File Upload via Avatar Parameter (CVE-2024-8296)