Skip to main content

Feifeicms

3 CVEs product

Monthly

CVE-2023-1565 MEDIUM POC This Month

A vulnerability was found in FeiFeiCMS 2.7.130201. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feifeicms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-9825 CRITICAL Act Now

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Feifeicms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-8412 HIGH POC This Week

FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Microsoft Feifeicms
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in FeiFeiCMS 2.7.130201. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feifeicms
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Feifeicms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Microsoft +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy