VYPR

FeiFeiCMS

by FeiFeiCMS

CVEs (6)

  • CVE-2019-9825CriMar 14, 2019
    risk 0.64cvss 9.8epss 0.02

    FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article"…

  • CVE-2020-17564CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.03

    Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component.

  • CVE-2020-17563CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.03

    Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=".

  • CVE-2020-18418HigJun 27, 2023
    risk 0.57cvss 8.8epss 0.00

    A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.

  • CVE-2019-8412HigFeb 17, 2019
    risk 0.57cvss 8.8epss 0.03

    FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.

  • CVE-2023-1565LowMar 22, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack…