CVE-2020-21174
published 2023-06-20CVE-2020-21174: File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
PriorityP353critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.31%
67.1th percentile
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feehi | cms | >= 0 < 2.0.8.1 | 2.0.8.1 |
| feehi | feehicms | — | — |
| chrome_chrome | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
liufee CMS File Upload vulnerability
ghsa·2023-06-20
CVE-2020-21174 [CRITICAL] CWE-434 liufee CMS File Upload vulnerability
liufee CMS File Upload vulnerability
File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
OSV
liufee CMS File Upload vulnerability
osv·2023-06-20
CVE-2020-21174 [CRITICAL] liufee CMS File Upload vulnerability
liufee CMS File Upload vulnerability
File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
Chrome
Stable Channel Update for Desktop: CVE-2021-21174
vendor_chrome·2021-03-02·CVSS 8.8
CVE-2021-21174 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21174
Stable Channel Update for Desktop
CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Jun Kokatsu (@shhnjk) on 2020-11-26 [$TBD][ 1146651 ] Medium CVE-2021-21175: Inappropriate implementation in Site isolation
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-11-07 [$TBD][ 1170584 ] Medium CVE-2021-21176: Inappropriate implementation in full screen mode
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-20
Published