A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Packages

Packagist feehi/cms

Affected versions: 0 (last affected: 2.1.1)

Related CVEs

CVE-2024-8296

Key Information

GHSA ID

GHSA-xp68-7g33-f49m

Published

August 29, 2024 3:30 PM

Last Modified

August 30, 2024 7:53 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

feehi/cms

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.