CVE-2021-36573 is a file upload vulnerability identified in Feehi CMS, a content management system, affecting versions up to 2.1.1. The vulnerability allows an attacker to upload crafted image files that contain malicious code, which can then be executed on the server. This type of vulnerability typically arises from insufficient validation and sanitization of uploaded files, enabling attackers to bypass security controls and upload files that are not strictly images but contain embedded executable code or scripts. The vulnerability is classified under CWE-79, which relates to Cross-Site Scripting (XSS), indicating that the malicious payload could also include script injections that affect the integrity and confidentiality of the system. The CVSS 3.1 base score is 5.4 (medium severity), with vector metrics indicating network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), user interaction (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). The requirement for privileges and user interaction suggests that exploitation is not trivial and may require an authenticated user to upload the malicious file and another user to interact with it to trigger the code execution. The scope change indicates that the vulnerability affects components beyond the initially vulnerable component, potentially impacting the entire CMS environment. No known exploits are currently reported in the wild, and no official patches or vendor advisories are listed, which may indicate limited public awareness or exploitation to date. However, given the nature of CMS platforms and their common use in web-facing environments, this vulnerability poses a risk of unauthorized code execution, leading to potential defacement, data leakage, or further compromise of the hosting infrastructure.

For European organizations using Feehi CMS, this vulnerability could lead to unauthorized code execution on web servers, compromising the confidentiality and integrity of hosted data and services. Attackers could leverage this to inject malicious scripts, deface websites, steal sensitive user information, or pivot to internal networks. Given that Feehi CMS is a web-facing platform, exploitation could disrupt business operations, damage reputation, and lead to regulatory compliance issues under GDPR if personal data is exposed. The requirement for user interaction and privileges somewhat limits the attack surface but does not eliminate risk, especially in environments with multiple users or weak access controls. Organizations in sectors with high web presence, such as media, education, or government, may face elevated risks. Additionally, the scope change implies that the vulnerability could affect multiple components, increasing potential damage. The absence of known exploits suggests a window of opportunity for proactive mitigation before widespread attacks occur.

Conduct an immediate audit of all Feehi CMS instances to identify versions in use and verify if they are at or below version 2.1.1. Implement strict file upload validation mechanisms, including MIME type checking, file extension whitelisting, and content inspection to ensure only legitimate image files are accepted. Enforce least privilege principles by limiting user roles that can upload files, and segregate duties to reduce the risk of malicious uploads. Apply web application firewall (WAF) rules tailored to detect and block suspicious file upload patterns and script injections targeting Feehi CMS. Monitor logs for unusual file upload activities and user interactions that could indicate exploitation attempts. If possible, isolate the CMS environment in a sandboxed or containerized setup to limit the impact of potential code execution. Engage with the Feehi CMS community or maintainers to obtain or request security patches or updates addressing this vulnerability. Educate users with upload privileges about the risks and signs of exploitation to reduce inadvertent triggering of malicious payloads. Regularly back up CMS data and configurations to enable rapid recovery in case of compromise.