Skip to main content

Feehicms CVE-2022-4014

MEDIUM
Incorrect Authorization (CWE-863)
2022-11-16 cna@vuldb.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 16, 2022 - 08:15 nvd
MEDIUM 4.3

DescriptionNVD

A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788.

AnalysisAI

A vulnerability, which was classified as problematic, has been found in FeehiCMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. Affected products include: Feehi Feehicms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

CVE-2025-65657 MEDIUM POC
6.5 Dec 02

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1

CVE-2025-63523 MEDIUM POC
6.5 Dec 01

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-o

CVE-2025-63520 MEDIUM POC
6.1 Dec 01

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fu

CVE-2022-43320 MEDIUM POC
6.1 Nov 09

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /

CVE-2022-40373 MEDIUM POC
5.4 Dec 15

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of c

CVE-2022-40002 MEDIUM POC
5.4 Dec 15

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callbac

CVE-2022-40001 MEDIUM POC
5.4 Dec 15

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title f

CVE-2022-40000 MEDIUM POC
5.4 Dec 15

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the usernam

CVE-2022-40408 MEDIUM POC
5.4 Sep 29

FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into

CVE-2024-8296 MEDIUM POC
5.3 Aug 29

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical.php?r=user%2Fcreate. Rated medium severity

CVE-2024-8295 MEDIUM POC
5.3 Aug 29

A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. Rated medium severity (CVSS 5.3), thi

CVE-2024-8294 MEDIUM POC
5.3 Aug 29

A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. Rated medium severity (CVSS 5.3),

Share

CVE-2022-4014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy