CMS
by Liufee
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-21174 | Cri | 0.57 | 9.8 | 0.01 | Jun 20, 2023 | File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. | ||
| CVE-2025-65657 | 0.00 | — | 0.00 | Dec 2, 2025 | FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation,… | |||
| CVE-2025-63523 | 0.00 | — | 0.00 | Dec 1, 2025 | FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username… | |||
| CVE-2025-63522 | 0.00 | — | 0.00 | Dec 1, 2025 | Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function | |||
| CVE-2025-63520 | 0.00 | — | 0.00 | Dec 1, 2025 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate). |
- risk 0.57cvss 9.8epss 0.01
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
- CVE-2025-65657Dec 2, 2025risk 0.00cvss —epss 0.00
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation,…
- CVE-2025-63523Dec 1, 2025risk 0.00cvss —epss 0.00
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username…
- CVE-2025-63522Dec 1, 2025risk 0.00cvss —epss 0.00
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function
- CVE-2025-63520Dec 1, 2025risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).