RSS   Vulnerabilities for 'Feifeicms'   RSS

2021-04-22
 
CVE-2020-17564

CWE-22
 

 
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component.

 
 
CVE-2020-17563

CWE-22
 

 
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=".

 
2019-03-14
 
CVE-2019-9825

CWE-434
 

 
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.

 
2019-02-17
 
CVE-2019-8412

CWE-22
 

 
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.

 


Copyright 2024, cxsecurity.com

 

Back to Top