CVE-2020-21489

Name of the Vulnerable Software and Affected Versions Feehicms version 2.0.8

Description The issue allows a remote attacker to execute arbitrary code via the "/admin/index.php?r=admin-user%2Fupdate-self" component. This is a File Upload vulnerability, which can be exploited by a remote attacker.

Recommendations For Feehicms version 2.0.8, consider disabling the file upload functionality in the /admin/index.php?r=admin-user%2Fupdate-self component until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.