A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Packages

Packagist feehi/cms

Affected versions: 0 (last affected: 2.1.1)

Related CVEs

CVE-2024-8295

Key Information

GHSA ID

GHSA-3wrg-6mg5-jg2v

Published

August 29, 2024 12:31 PM

Last Modified

August 30, 2024 7:53 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

feehi/cms

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.