FeiFeiCMS
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9825 | Cri | 0.64 | 9.8 | 0.02 | Mar 14, 2019 | FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article"… | ||
| CVE-2020-17564 | Cri | 0.59 | 9.1 | 0.03 | Apr 22, 2021 | Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component. | ||
| CVE-2020-17563 | Cri | 0.59 | 9.1 | 0.03 | Apr 22, 2021 | Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=". | ||
| CVE-2020-18418 | Hig | 0.57 | 8.8 | 0.00 | Jun 27, 2023 | A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | ||
| CVE-2019-8412 | Hig | 0.57 | 8.8 | 0.03 | Feb 17, 2019 | FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. | ||
| CVE-2023-1565 | Low | 0.23 | 3.5 | 0.01 | Mar 22, 2023 | A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack… |
- risk 0.64cvss 9.8epss 0.02
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article"…
- risk 0.59cvss 9.1epss 0.03
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component.
- risk 0.59cvss 9.1epss 0.03
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=".
- risk 0.57cvss 8.8epss 0.00
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
- risk 0.57cvss 8.8epss 0.03
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.
- risk 0.23cvss 3.5epss 0.01
A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack…