High severity · NVD Advisory · Published Jul 27, 2022 · Updated Aug 3, 2024

CVE-2022-34971

Description

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Feehi CMS v2.1.1 Advertising Management module allows arbitrary PHP file upload, leading to remote code execution.

Vulnerability Overview

The Advertising Management module in Feehi CMS v2.1.1 contains an arbitrary file upload vulnerability. The application does not properly validate the file type of uploaded images, allowing an attacker to upload a crafted PHP file by simply changing the file's extension to .php [1][3]. This stems from insufficient server-side checks on file content or MIME type.

Attack Vector

An attacker must have access to the Advertising Management module, which typically requires administrator-level authentication in the backend [1]. Once authenticated, the attacker can navigate to the ad management section and, during the file upload process, rename a malicious PHP file (e.g., shell.php) and submit it. The server accepts the file as a valid upload without proper sanitization [3]. No additional network position is required beyond being able to access the admin interface.

Impact

Successful exploitation allows the attacker to execute arbitrary PHP code on the server. This can lead to full compromise of the web application, including data theft, server-side requests, and potential lateral movement within the hosting environment [2]. The vulnerability has been publicly demonstrated with a proof-of-concept (PoC) and is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [2].

Mitigation

As of the publication date, no official patch has been released for Feehi CMS v2.1.1. Users are advised to restrict access to the admin panel, implement strict file upload validation (e.g., file content inspection and MIME type verification), or consider migration to a supported alternative if the project remains unmaintained [1][2].
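
A server-side check of the kind the mitigation paragraph describes, as an added example that is not Feehi CMS code or part of the original advisory. The function name `storeAdImage`, the allowlist and the size limit are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not Feehi CMS code.
// The allowlist maps the MIME type detected from file content to the only
// extension the server will ever write for it.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded ad image and store it under a server-chosen name.
 * $upload is one entry of $_FILES; $destDir should be a directory in which
 * the web server never executes scripts.
 */
function storeAdImage(array $upload, string $destDir, int $maxBytes = 2097152): string
{
    $tmp = $upload['tmp_name'] ?? '';
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed or was not an HTTP upload.');
    }
    // Measure the file on disk instead of trusting the client-reported size.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('File size out of range.');
    }
    // Detect the type from the bytes; ignore the submitted name and Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('Not an allowed image type.');
    }
    // Confirm the file parses as an image of that same type.
    $info = getimagesize($tmp);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File content is not a valid image.');
    }
    // Server-generated name plus allowlisted extension: a submitted ".php"
    // extension never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}
```

Content checks alone do not stop a valid image that also carries PHP in its metadata; the server-chosen extension and a storage directory with script execution disabled are what keep such a file inert.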

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| feehi/cms (Packagist) | <= 2.1.1 | |

Affected products

2

Patches

0

No patches discovered yet.


References

3
