CVE-2020-21489: Liufee CMS File Upload vulnerability
9.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.77777%
CWE
Published
6/20/2023
Updated
11/8/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
feehi/cms | composer | < 2.0.8.1 | 2.0.8.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from insufficient server-side validation
during file uploads. The patch added 'beforeValidate()' methods to explicitly use UploadedFile::getInstance()
, ensuring proper file handling. In vulnerable versions, the absence of these methods allowed attackers to bypass frontend restrictions. The Util::handleModelSingleFileUpload
function saved files without validating their types, and the beforeSave methods in User/Article
models triggered this insecure handling. The combination of missing UploadedFile
validation and unrestricted Util
function led to arbitrary file uploads.