CVE-2020-18418
- EPSS 0.06%
- Veröffentlicht 27.06.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 05:08:34
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
CVE-2023-1565
- EPSS 0.09%
- Veröffentlicht 22.03.2023 13:15:09
- Zuletzt bearbeitet 21.11.2024 07:39:27
A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is po...
CVE-2020-17563
- EPSS 11.68%
- Veröffentlicht 22.04.2021 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:08:20
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=".
CVE-2020-17564
- EPSS 11.68%
- Veröffentlicht 22.04.2021 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:08:20
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component.
CVE-2019-9825
- EPSS 0.75%
- Veröffentlicht 14.03.2019 22:29:01
- Zuletzt bearbeitet 21.11.2024 04:52:23
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then ...
CVE-2019-8412
- EPSS 1.11%
- Veröffentlicht 17.02.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:49:51
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.