Critical severity9.8NVD Advisory· Published Mar 14, 2019· Updated Jun 17, 2026
CVE-2019-9825
CVE-2019-9825
Description
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.
Affected products
1Patches
Vulnerability mechanics
References
2- blog.whiterabbitxyj.com/cve/FeiFeiCMS_4.1_code_execution.docnvdThird Party Advisory
- github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/FeiFeiCMS_4.1_code_execution.docnvdThird Party Advisory
News mentions
0No linked articles in our index yet.