Feehi

Feehicms

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2025-15264

  • EPSS 0.04%
  • Veröffentlicht 30.12.2025 19:15:44
  • Zuletzt bearbeitet 07.01.2026 17:44:36

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack ca...

6.5

CVE-2025-65657

Exploit
  • EPSS 0.15%
  • Veröffentlicht 02.12.2025 00:00:00
  • Zuletzt bearbeitet 19.12.2025 18:18:36

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) withou...

6.5

CVE-2025-63523

Exploit
  • EPSS 0.05%
  • Veröffentlicht 01.12.2025 00:00:00
  • Zuletzt bearbeitet 02.12.2025 03:06:26

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can le...

4.6

CVE-2025-63522

Exploit
  • EPSS 0.03%
  • Veröffentlicht 01.12.2025 00:00:00
  • Zuletzt bearbeitet 02.12.2025 03:06:47

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function

6.1

CVE-2025-63520

Exploit
  • EPSS 0.05%
  • Veröffentlicht 01.12.2025 00:00:00
  • Zuletzt bearbeitet 02.12.2025 03:06:59

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).

9.8

CVE-2024-8296

Exploit
  • EPSS 0.22%
  • Veröffentlicht 29.08.2024 13:15:07
  • Zuletzt bearbeitet 30.08.2024 15:36:36

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack ...

9.8

CVE-2024-8295

Exploit
  • EPSS 0.27%
  • Veröffentlicht 29.08.2024 12:15:04
  • Zuletzt bearbeitet 30.08.2024 15:37:41

A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to u...

9.8

CVE-2024-8294

Exploit
  • EPSS 0.22%
  • Veröffentlicht 29.08.2024 11:15:29
  • Zuletzt bearbeitet 30.08.2024 15:38:13

A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted u...

9.8

CVE-2020-21489

Exploit
  • EPSS 1.18%
  • Veröffentlicht 20.06.2023 15:15:11
  • Zuletzt bearbeitet 09.12.2024 22:15:21

File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.

9.8

CVE-2020-21174

Exploit
  • EPSS 1.48%
  • Veröffentlicht 20.06.2023 15:15:11
  • Zuletzt bearbeitet 10.12.2024 17:15:06

File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.