EPSS: 0.003 (Low), percentile 65.8%
feehi/cms is vulnerable to arbitrary file upload. The library only verifies the suffix of a file in the frontend, which allows an attacker to upload malicious files via the background avatar upload and remotely execute arbitrary code on the system.
github.com/liufee/cms/commit/ecbfb0ca77874ead5b6e79b96a5e1f94e67475a9
github.com/liufee/cms/issues/46
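
The control missing in the description above is a server-side check. The following is an added example, not code from feehi/cms or its fix commit: a PHP upload routine that ignores the client-supplied suffix and derives the type and file name on the server. `store_avatar`, the size limit, the field name and the destination directory are assumptions made for illustration.

```php
<?php
// Added example: server-side avatar validation. Function name, limits and
// paths are assumptions, not taken from feehi/cms.

const AVATAR_TYPES = [            // allowlist: detected MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const AVATAR_MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one entry of $_FILES and move it into $destDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_avatar(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > AVATAR_MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the bytes, never from the client-supplied
    // name or Content-Type, which a request can set to anything.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(AVATAR_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }

    // The server picks the name and extension, so a suffix chosen by
    // the client never reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . AVATAR_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage in an upload handler (field name "avatar" is an assumption):
// $stored = store_avatar($_FILES['avatar'], '/var/www/uploads/avatars');
```

The upload directory should also be configured so the web server serves its contents as static files and never passes them to the PHP interpreter.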